* @ngdoc service * @name $sce * @kind function * * @description * * `$sce` is a service that provides Strict Contextual Escaping services to AngularJS. * * ## Strict Contextual Escaping * * Strict Contextual Escaping (SCE) is a mode in which AngularJS constrains bindings to only render *
()
| 20036 | */ |
| 20037 | |
| 20038 | function $SceProvider() { |
| 20039 | var enabled = true; |
| 20040 | |
| 20041 | /** |
| 20042 | * @ngdoc method |
| 20043 | * @name $sceProvider#enabled |
| 20044 | * @kind function |
| 20045 | * |
| 20046 | * @param {boolean=} value If provided, then enables/disables SCE application-wide. |
| 20047 | * @return {boolean} True if SCE is enabled, false otherwise. |
| 20048 | * |
| 20049 | * @description |
| 20050 | * Enables/disables SCE and returns the current value. |
| 20051 | */ |
| 20052 | this.enabled = function(value) { |
| 20053 | if (arguments.length) { |
| 20054 | enabled = !!value; |
| 20055 | } |
| 20056 | return enabled; |
| 20057 | }; |
| 20058 | |
| 20059 | |
| 20060 | /* Design notes on the default implementation for SCE. |
| 20061 | * |
| 20062 | * The API contract for the SCE delegate |
| 20063 | * ------------------------------------- |
| 20064 | * The SCE delegate object must provide the following 3 methods: |
| 20065 | * |
| 20066 | * - trustAs(contextEnum, value) |
| 20067 | * This method is used to tell the SCE service that the provided value is OK to use in the |
| 20068 | * contexts specified by contextEnum. It must return an object that will be accepted by |
| 20069 | * getTrusted() for a compatible contextEnum and return this value. |
| 20070 | * |
| 20071 | * - valueOf(value) |
| 20072 | * For values that were not produced by trustAs(), return them as is. For values that were |
| 20073 | * produced by trustAs(), return the corresponding input value to trustAs. Basically, if |
| 20074 | * trustAs is wrapping the given values into some type, this operation unwraps it when given |
| 20075 | * such a value. |
| 20076 | * |
| 20077 | * - getTrusted(contextEnum, value) |
| 20078 | * This function should return the a value that is safe to use in the context specified by |
| 20079 | * contextEnum or throw and exception otherwise. |
| 20080 | * |
| 20081 | * NOTE: This contract deliberately does NOT state that values returned by trustAs() must be |
| 20082 | * opaque or wrapped in some holder object. That happens to be an implementation detail. For |
| 20083 | * instance, an implementation could maintain a registry of all trusted objects by context. In |
| 20084 | * such a case, trustAs() would return the same object that was passed in. getTrusted() would |
| 20085 | * return the same object passed in if it was found in the registry under a compatible context or |
| 20086 | * throw an exception otherwise. An implementation might only wrap values some of the time based |
| 20087 | * on some criteria. getTrusted() might return a value and not throw an exception for special |
| 20088 | * constants or objects even if not wrapped. All such implementations fulfill this contract. |
| 20089 | * |
| 20090 | * |
| 20091 | * A note on the inheritance model for SCE contexts |
| 20092 | * ------------------------------------------------ |
| 20093 | * I've used inheritance and made RESOURCE_URL wrapped types a subtype of URL wrapped types. This |
| 20094 | * is purely an implementation details. |
| 20095 | * |
nothing calls this directly
no test coverage detected