(nodeName, attrNormalizedName)
| 11027 | |
| 11028 | |
| 11029 | function getTrustedAttrContext(nodeName, attrNormalizedName) { |
| 11030 | if (attrNormalizedName === 'srcdoc') { |
| 11031 | return $sce.HTML; |
| 11032 | } |
| 11033 | // All nodes with src attributes require a RESOURCE_URL value, except for |
| 11034 | // img and various html5 media nodes, which require the MEDIA_URL context. |
| 11035 | if (attrNormalizedName === 'src' || attrNormalizedName === 'ngSrc') { |
| 11036 | if (['img', 'video', 'audio', 'source', 'track'].indexOf(nodeName) === -1) { |
| 11037 | return $sce.RESOURCE_URL; |
| 11038 | } |
| 11039 | return $sce.MEDIA_URL; |
| 11040 | } else if (attrNormalizedName === 'xlinkHref') { |
| 11041 | // Some xlink:href are okay, most aren't |
| 11042 | if (nodeName === 'image') return $sce.MEDIA_URL; |
| 11043 | if (nodeName === 'a') return $sce.URL; |
| 11044 | return $sce.RESOURCE_URL; |
| 11045 | } else if ( |
| 11046 | // Formaction |
| 11047 | (nodeName === 'form' && attrNormalizedName === 'action') || |
| 11048 | // If relative URLs can go where they are not expected to, then |
| 11049 | // all sorts of trust issues can arise. |
| 11050 | (nodeName === 'base' && attrNormalizedName === 'href') || |
| 11051 | // links can be stylesheets or imports, which can run script in the current origin |
| 11052 | (nodeName === 'link' && attrNormalizedName === 'href') |
| 11053 | ) { |
| 11054 | return $sce.RESOURCE_URL; |
| 11055 | } else if (nodeName === 'a' && (attrNormalizedName === 'href' || |
| 11056 | attrNormalizedName === 'ngHref')) { |
| 11057 | return $sce.URL; |
| 11058 | } |
| 11059 | } |
| 11060 | |
| 11061 | function getTrustedPropContext(nodeName, propNormalizedName) { |
| 11062 | var prop = propNormalizedName.toLowerCase(); |
no outgoing calls
no test coverage detected