* create an HTML/XML writer which writes to buffer * @param {Array} buf use buf.join('') to get out sanitized html string * @returns {object} in the form of { * start: function(tag, attrs, unary) {}, * end: function(tag) {}, * chars: function(text) {}, * comment: function(text)
(buf, uriValidator)
| 611 | * } |
| 612 | */ |
/**
 * Build the handler object that turns parser events into sanitized markup,
 * appending every output fragment to `buf`.
 *
 * @param {Array} buf output buffer; buf.join('') yields the sanitized HTML string
 * @param {Function} uriValidator called as uriValidator(value, isImage) for attributes
 *   flagged in uriAttrs; a falsy result drops the attribute
 * @returns {object} handlers: { start, comment, whitespace, end, chars }
 */
function htmlSanitizeWriter(buf, uriValidator) {
  // Either `false`, or the lower-cased name of the special element whose
  // content is currently being suppressed.
  var ignore = false;
  var out = angular.bind(buf, buf.push);

  return {
    start: function(tag, attrs, unary) {
      tag = angular.lowercase(tag);
      // NOTE(review): this lookup is truthiness-based while validElements uses
      // `=== true`. If specialElements is a plain object, inherited keys would
      // also switch on ignore mode (content is dropped, i.e. it fails closed) —
      // confirm how the map is built.
      if (!ignore && specialElements[tag]) {
        ignore = tag;
      }
      if (ignore || validElements[tag] !== true) {
        return;
      }

      out('<', tag);
      angular.forEach(attrs, function(value, key) {
        var lkey = angular.lowercase(key);
        var isImage = (tag === 'img' && lkey === 'src') || lkey === 'background';

        // Three ways for an attribute to be kept, tried in this order:
        //   1. a `style` attribute whose filtered value is non-empty,
        //   2. validCustomTag() accepts it,
        //   3. it is allow-listed and, if URI-bearing, passes uriValidator.
        // Only route 3 consults uriValidator; routes 1 and 2 bypass it, so URI
        // safety for those rests entirely on validStyles / validCustomTag.
        var keep = false;
        if (lkey === 'style') {
          // The filtered style text replaces the raw value from here on.
          value = validStyles(value);
          keep = value !== '';
        }
        if (!keep) {
          keep = validCustomTag(tag, attrs, lkey, value);
        }
        if (!keep) {
          keep = validAttrs[lkey] === true &&
              (uriAttrs[lkey] !== true || uriValidator(value, isImage));
        }

        if (keep) {
          // The attribute name is written in its original case and is not
          // entity-encoded; only the value is.
          // NOTE(review): for route 2 the set of possible names depends on
          // validCustomTag — confirm it cannot accept a name containing
          // whitespace, quotes, '>' or '='.
          out(' ', key, '="');
          out(encodeEntities(value), '"');
        }
      });
      out(unary ? '/>' : '>');
    },

    // SECURITY: comment text goes to the output verbatim — no entity encoding
    // and no `ignore` check, unlike chars/whitespace.
    // NOTE(review): this is safe only if the parser guarantees `com` is a
    // complete, well-formed comment; verify against the parser, because any
    // markup that reaches this handler lands in the sanitized result unescaped.
    comment: function(com) {
      out(com);
    },

    // Whitespace is encoded but, like comments, is emitted even in ignore mode.
    whitespace: function(ws) {
      out(encodeEntities(ws));
    },

    end: function(tag) {
      tag = angular.lowercase(tag);
      if (!ignore && validElements[tag] === true) {
        out('</', tag, '>');
      }
      // Closing the element that started ignore mode ends it.
      if (tag == ignore) {
        ignore = false;
      }
    },

    chars: function(chars) {
      if (ignore) {
        return;
      }
      out(encodeEntities(chars));
    }
  };
}
| 664 | |
| 665 | |
| 666 | // define ngSanitize module and register $sanitize service |