MCPcopy
hub / github.com/angular-ui/ui-router / getTrustedAttrContext

Function getTrustedAttrContext

test/angular/1.7/angular.js:11029–11059  ·  view source on GitHub ↗
(nodeName, attrNormalizedName)

Source from the content-addressed store, hash-verified

11027
11028
11029 function getTrustedAttrContext(nodeName, attrNormalizedName) {
11030 if (attrNormalizedName === 'srcdoc') {
11031 return $sce.HTML;
11032 }
11033 // All nodes with src attributes require a RESOURCE_URL value, except for
11034 // img and various html5 media nodes, which require the MEDIA_URL context.
11035 if (attrNormalizedName === 'src' || attrNormalizedName === 'ngSrc') {
11036 if (['img', 'video', 'audio', 'source', 'track'].indexOf(nodeName) === -1) {
11037 return $sce.RESOURCE_URL;
11038 }
11039 return $sce.MEDIA_URL;
11040 } else if (attrNormalizedName === 'xlinkHref') {
11041 // Some xlink:href are okay, most aren't
11042 if (nodeName === 'image') return $sce.MEDIA_URL;
11043 if (nodeName === 'a') return $sce.URL;
11044 return $sce.RESOURCE_URL;
11045 } else if (
11046 // Formaction
11047 (nodeName === 'form' && attrNormalizedName === 'action') ||
11048 // If relative URLs can go where they are not expected to, then
11049 // all sorts of trust issues can arise.
11050 (nodeName === 'base' && attrNormalizedName === 'href') ||
11051 // links can be stylesheets or imports, which can run script in the current origin
11052 (nodeName === 'link' && attrNormalizedName === 'href')
11053 ) {
11054 return $sce.RESOURCE_URL;
11055 } else if (nodeName === 'a' && (attrNormalizedName === 'href' ||
11056 attrNormalizedName === 'ngHref')) {
11057 return $sce.URL;
11058 }
11059 }
11060
11061 function getTrustedPropContext(nodeName, propNormalizedName) {
11062 var prop = propNormalizedName.toLowerCase();

Callers 1

Calls

no outgoing calls

Tested by

no test coverage detected