@@ -64,14 +64,16 @@ describe('ngInclude', function() {
6464 } ) ) ;
6565
6666
67- it ( 'should NOT use untrusted expressions ' , inject ( putIntoCache ( 'myUrl' , '{{name}} text' ) ,
67+ it ( 'should NOT use untrusted URL expressions ' , inject ( putIntoCache ( 'myUrl' , '{{name}} text' ) ,
6868 function ( $rootScope , $compile , $sce ) {
6969 element = jqLite ( '<ng:include src="url"></ng:include>' ) ;
7070 jqLite ( document . body ) . append ( element ) ;
7171 element = $compile ( element ) ( $rootScope ) ;
7272 $rootScope . name = 'chirayu' ;
73- $rootScope . url = 'myUrl' ;
74- expect ( $rootScope . $digest ) . toThrow ( ) ;
73+ $rootScope . url = 'http://example.com/myUrl' ;
74+ expect ( function ( ) { $rootScope . $digest ( ) ; } ) . toThrowMinErr (
75+ '$sce' , 'insecurl' ,
76+ / B l o c k e d l o a d i n g r e s o u r c e f r o m u r l n o t a l l o w e d b y \$ s c e D e l e g a t e p o l i c y . U R L : h t t p : \/ \/ e x a m p l e .c o m \/ m y U r l .* / ) ;
7577 jqLite ( document . body ) . html ( '' ) ;
7678 } ) ) ;
7779
@@ -82,11 +84,14 @@ describe('ngInclude', function() {
8284 jqLite ( document . body ) . append ( element ) ;
8385 element = $compile ( element ) ( $rootScope ) ;
8486 $rootScope . name = 'chirayu' ;
85- $rootScope . url = $sce . trustAsUrl ( 'myUrl' ) ;
86- expect ( $rootScope . $digest ) . toThrow ( ) ;
87+ $rootScope . url = $sce . trustAsUrl ( 'http://example.com/myUrl' ) ;
88+ expect ( function ( ) { $rootScope . $digest ( ) ; } ) . toThrowMinErr (
89+ '$sce' , 'insecurl' ,
90+ / B l o c k e d l o a d i n g r e s o u r c e f r o m u r l n o t a l l o w e d b y \$ s c e D e l e g a t e p o l i c y . U R L : h t t p : \/ \/ e x a m p l e .c o m \/ m y U r l .* / ) ;
8791 jqLite ( document . body ) . html ( '' ) ;
8892 } ) ) ;
8993
94+
9095 it ( 'should remove previously included text if a falsy value is bound to src' , inject (
9196 putIntoCache ( 'myUrl' , '{{name}}' ) ,
9297 function ( $rootScope , $compile ) {
0 commit comments