* @ngdoc method * @name $sceDelegate#getTrusted * * @description * Takes any input, and either returns a value that's safe to use in the specified context, or * throws an exception. * * In practice, there are several cases. When given a string, this function runs c
(type, maybeTrusted)
| 19700 | * exception if this is impossible. |
| 19701 | */ |
| 19702 | function getTrusted(type, maybeTrusted) { |
| 19703 | if (maybeTrusted === null || isUndefined(maybeTrusted) || maybeTrusted === '') { |
| 19704 | return maybeTrusted; |
| 19705 | } |
| 19706 | var constructor = (byType.hasOwnProperty(type) ? byType[type] : null); |
| 19707 | // If maybeTrusted is a trusted class instance or subclass instance, then unwrap and return |
| 19708 | // as-is. |
| 19709 | if (constructor && maybeTrusted instanceof constructor) { |
| 19710 | return maybeTrusted.$$unwrapTrustedValue(); |
| 19711 | } |
| 19712 | // Otherwise, if we get here, then we may either make it safe, or throw an exception. This |
| 19713 | // depends on the context: some are sanitizatible (HTML), some use whitelists (RESOURCE_URL), |
| 19714 | // some are impossible to do (JS). This step isn't implemented for CSS and URL, as AngularJS |
| 19715 | // has no corresponding sinks. |
| 19716 | if (type === SCE_CONTEXTS.RESOURCE_URL) { |
| 19717 | // RESOURCE_URL uses a whitelist. |
| 19718 | if (isResourceUrlAllowedByPolicy(maybeTrusted)) { |
| 19719 | return maybeTrusted; |
| 19720 | } else { |
| 19721 | throw $sceMinErr('insecurl', |
| 19722 | 'Blocked loading resource from url not allowed by $sceDelegate policy. URL: {0}', |
| 19723 | maybeTrusted.toString()); |
| 19724 | } |
| 19725 | } else if (type === SCE_CONTEXTS.HTML) { |
| 19726 | // htmlSanitizer throws its own error when no sanitizer is available. |
| 19727 | return htmlSanitizer(maybeTrusted); |
| 19728 | } |
| 19729 | // Default error when the $sce service has no way to make the input safe. |
| 19730 | throw $sceMinErr('unsafe', 'Attempting to use an unsafe value in a safe context.'); |
| 19731 | } |
| 19732 | |
| 19733 | return { trustAs: trustAs, |
| 19734 | getTrusted: getTrusted, |
no test coverage detected