* @ngdoc service * @name $interpolate * @kind function * * @requires $parse * @requires $sce * * @description * * Compiles a string with markup into an interpolation function. This service is used by the * HTML ng.$compile $compile service fo
(text, mustHaveExpression, trustedContext, allOrNothing)
| 11329 | * - `context`: evaluation context for all expressions embedded in the interpolated text |
| 11330 | */ |
| 11331 | function $interpolate(text, mustHaveExpression, trustedContext, allOrNothing) { |
| 11332 | allOrNothing = !!allOrNothing; |
| 11333 | var startIndex, |
| 11334 | endIndex, |
| 11335 | index = 0, |
| 11336 | expressions = [], |
| 11337 | parseFns = [], |
| 11338 | textLength = text.length, |
| 11339 | exp, |
| 11340 | concat = [], |
| 11341 | expressionPositions = []; |
| 11342 | |
| 11343 | while (index < textLength) { |
| 11344 | if (((startIndex = text.indexOf(startSymbol, index)) != -1) && |
| 11345 | ((endIndex = text.indexOf(endSymbol, startIndex + startSymbolLength)) != -1)) { |
| 11346 | if (index !== startIndex) { |
| 11347 | concat.push(unescapeText(text.substring(index, startIndex))); |
| 11348 | } |
| 11349 | exp = text.substring(startIndex + startSymbolLength, endIndex); |
| 11350 | expressions.push(exp); |
| 11351 | parseFns.push($parse(exp, parseStringifyInterceptor)); |
| 11352 | index = endIndex + endSymbolLength; |
| 11353 | expressionPositions.push(concat.length); |
| 11354 | concat.push(''); |
| 11355 | } else { |
| 11356 | // we did not find an interpolation, so we have to add the remainder to the separators array |
| 11357 | if (index !== textLength) { |
| 11358 | concat.push(unescapeText(text.substring(index))); |
| 11359 | } |
| 11360 | break; |
| 11361 | } |
| 11362 | } |
| 11363 | |
| 11364 | // Concatenating expressions makes it hard to reason about whether some combination of |
| 11365 | // concatenated values are unsafe to use and could easily lead to XSS. By requiring that a |
| 11366 | // single expression be used for iframe[src], object[src], etc., we ensure that the value |
| 11367 | // that's used is assigned or constructed by some JS code somewhere that is more testable or |
| 11368 | // make it obvious that you bound the value to some user controlled value. This helps reduce |
| 11369 | // the load when auditing for XSS issues. |
| 11370 | if (trustedContext && concat.length > 1) { |
| 11371 | $interpolateMinErr.throwNoconcat(text); |
| 11372 | } |
| 11373 | |
| 11374 | if (!mustHaveExpression || expressions.length) { |
| 11375 | var compute = function(values) { |
| 11376 | for (var i = 0, ii = expressions.length; i < ii; i++) { |
| 11377 | if (allOrNothing && isUndefined(values[i])) return; |
| 11378 | concat[expressionPositions[i]] = values[i]; |
| 11379 | } |
| 11380 | return concat.join(''); |
| 11381 | }; |
| 11382 | |
| 11383 | var getValue = function(value) { |
| 11384 | return trustedContext ? |
| 11385 | $sce.getTrusted(trustedContext, value) : |
| 11386 | $sce.valueOf(value); |
| 11387 | }; |
| 11388 |
no test coverage detected