MCPcopy Index your code
hub / github.com/angular-ui/ui-router / allowAutoBootstrap

Function allowAutoBootstrap

test/angular/1.5/angular.js:1517–1546  ·  view source on GitHub ↗
(document)

Source from the content-addressed store, hash-verified

1515}
1516
1517function allowAutoBootstrap(document) {
1518 var script = document.currentScript;
1519 var src = script && script.getAttribute('src');
1520
1521 if (!src) {
1522 return true;
1523 }
1524
1525 var link = document.createElement('a');
1526 link.href = src;
1527
1528 if (document.location.origin === link.origin) {
1529 // Same-origin resources are always allowed, even for non-whitelisted schemes.
1530 return true;
1531 }
1532 // Disabled bootstrapping unless angular.js was loaded from a known scheme used on the web.
1533 // This is to prevent angular.js bundled with browser extensions from being used to bypass the
1534 // content security policy in web pages and other browser extensions.
1535 switch (link.protocol) {
1536 case 'http:':
1537 case 'https:':
1538 case 'ftp:':
1539 case 'blob:':
1540 case 'file:':
1541 case 'data:':
1542 return true;
1543 default:
1544 return false;
1545 }
1546}
1547
1548// Cached as it has to run during loading so that document.currentScript is available.
1549var isAutoBootstrapAllowed = allowAutoBootstrap(window.document);

Callers 1

angular.jsFile · 0.70

Calls

no outgoing calls

Tested by

no test coverage detected