MCPcopy Index your code
hub / github.com/angular-ui/ui-router / getTrusted

Function getTrusted

test/angular/1.7/angular.js:20330–20365  ·  view source on GitHub ↗

* @ngdoc method * @name $sceDelegate#getTrusted * * @description * Given an object and a security context in which to assign it, returns a value that's safe to * use in this context, which was represented by the parameter. To do so, this function either * unwraps the sa

(type, maybeTrusted)

Source from the content-addressed store, hash-verified

20328 * exception if this is impossible.
20329 */
20330 function getTrusted(type, maybeTrusted) {
20331 if (maybeTrusted === null || isUndefined(maybeTrusted) || maybeTrusted === '') {
20332 return maybeTrusted;
20333 }
20334 var constructor = (byType.hasOwnProperty(type) ? byType[type] : null);
20335 // If maybeTrusted is a trusted class instance or subclass instance, then unwrap and return
20336 // as-is.
20337 if (constructor && maybeTrusted instanceof constructor) {
20338 return maybeTrusted.$$unwrapTrustedValue();
20339 }
20340
20341 // If maybeTrusted is a trusted class instance but not of the correct trusted type
20342 // then unwrap it and allow it to pass through to the rest of the checks
20343 if (isFunction(maybeTrusted.$$unwrapTrustedValue)) {
20344 maybeTrusted = maybeTrusted.$$unwrapTrustedValue();
20345 }
20346
20347 // If we get here, then we will either sanitize the value or throw an exception.
20348 if (type === SCE_CONTEXTS.MEDIA_URL || type === SCE_CONTEXTS.URL) {
20349 // we attempt to sanitize non-resource URLs
20350 return $$sanitizeUri(maybeTrusted.toString(), type === SCE_CONTEXTS.MEDIA_URL);
20351 } else if (type === SCE_CONTEXTS.RESOURCE_URL) {
20352 if (isResourceUrlAllowedByPolicy(maybeTrusted)) {
20353 return maybeTrusted;
20354 } else {
20355 throw $sceMinErr('insecurl',
20356 'Blocked loading resource from url not allowed by $sceDelegate policy. URL: {0}',
20357 maybeTrusted.toString());
20358 }
20359 } else if (type === SCE_CONTEXTS.HTML) {
20360 // htmlSanitizer throws its own error when no sanitizer is available.
20361 return htmlSanitizer(maybeTrusted);
20362 }
20363 // Default error when the $sce service has no way to make the input safe.
20364 throw $sceMinErr('unsafe', 'Attempting to use an unsafe value in a safe context.');
20365 }
20366
20367 return { trustAs: trustAs,
20368 getTrusted: getTrusted,

Callers 1

$SceProviderFunction · 0.70

Calls 4

isUndefinedFunction · 0.70
isFunctionFunction · 0.70
htmlSanitizerFunction · 0.70

Tested by

no test coverage detected