* @ngdoc method * @name $sceDelegate#getTrusted * * @description * Given an object and a security context in which to assign it, returns a value that's safe to * use in this context, which was represented by the parameter. To do so, this function either * unwraps the sa
(type, maybeTrusted)
| 20328 | * exception if this is impossible. |
| 20329 | */ |
function getTrusted(type, maybeTrusted) {
  // Resolves `maybeTrusted` for use in the SCE context `type`. The checks run
  // in a fixed order: empty values, exact trusted-type match, then
  // sanitization or policy checks. Anything left over is rejected.

  // null, undefined and the empty string are handed back untouched.
  if (maybeTrusted === null || isUndefined(maybeTrusted) || maybeTrusted === '') {
    return maybeTrusted;
  }

  // Only a wrapper registered for this exact context (or a subclass of it)
  // is unwrapped and returned without further checks.
  var trustedCtor = null;
  if (byType.hasOwnProperty(type)) {
    trustedCtor = byType[type];
  }
  if (trustedCtor && maybeTrusted instanceof trustedCtor) {
    return maybeTrusted.$$unwrapTrustedValue();
  }

  // A wrapper for some other context carries no trust here. It is unwrapped
  // only so the raw value can go through the checks below. The test is
  // duck-typed: any object exposing a $$unwrapTrustedValue function is
  // unwrapped, and the result is still treated as untrusted.
  var candidate = maybeTrusted;
  if (isFunction(candidate.$$unwrapTrustedValue)) {
    candidate = candidate.$$unwrapTrustedValue();
  }

  // From here on the value is either sanitized, policy-checked, or refused.
  var isMediaUrl = type === SCE_CONTEXTS.MEDIA_URL;
  if (isMediaUrl || type === SCE_CONTEXTS.URL) {
    // Non-resource URLs are sanitized from their string form.
    return $$sanitizeUri(candidate.toString(), isMediaUrl);
  }

  if (type === SCE_CONTEXTS.RESOURCE_URL) {
    // Resource URLs are not rewritten: the policy either admits the value
    // as given or the call fails.
    if (!isResourceUrlAllowedByPolicy(candidate)) {
      throw $sceMinErr('insecurl',
          'Blocked loading resource from url not allowed by $sceDelegate policy. URL: {0}',
          candidate.toString());
    }
    return candidate;
  }

  if (type === SCE_CONTEXTS.HTML) {
    // htmlSanitizer throws its own error when no sanitizer is available.
    return htmlSanitizer(candidate);
  }

  // Fail closed: no way to make the input safe for this context.
  throw $sceMinErr('unsafe', 'Attempting to use an unsafe value in a safe context.');
}
| 20366 | |
| 20367 | return { trustAs: trustAs, |
| 20368 | getTrusted: getTrusted, |