This repository was archived by the owner on Apr 12, 2024. It is now read-only.

Commit 7fef06f

fix(sanitize): match URI schemes case-insensitively
According to RFC 3986 (http://tools.ietf.org/html/rfc3986#section-3.1) schemes such as http or mailto are case-insensitive. So links such as http://server/ and HTTP://server/ are valid and equivalent. Closes #3210
1 parent 3371fc2 commit 7fef06f

2 files changed: +6 -1 lines changed

src/ngSanitize/sanitize.js

+1-1
@@ -142,7 +142,7 @@ var START_TAG_REGEXP = /^<\s*([\w:-]+)((?:\s+[\w:-]+(?:\s*=\s*(?:(?:"[^"]*")|(?:
142142
BEGING_END_TAGE_REGEXP = /^<\s*\//,
143143
COMMENT_REGEXP = /<!--(.*?)-->/g,
144144
CDATA_REGEXP = /<!\[CDATA\[(.*?)]]>/g,
145-
URI_REGEXP = /^((ftp|https?):\/\/|mailto:|tel:|#)/,
145+
URI_REGEXP = /^((ftp|https?):\/\/|mailto:|tel:|#)/i,
146146
NON_ALPHANUMERIC_REGEXP = /([^\#-~| |!])/g; // Match everything outside of normal chars and " (quote character)
147147

148148

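Review bot: The `i` flag on the new `URI_REGEXP` line applies to the whole allowlist pattern, and nothing beside the definition says why it is there. It is safe as written because the only letters in the pattern are the scheme names `ftp`, `http`, `https`, `mailto` and `tel`, so the flag admits case variants of those schemes and nothing else. A short comment citing RFC 3986 section 3.1, as the commit message does, would keep a later edit from dropping the flag or from adding an alternative where case matters. The neighbouring `NON_ALPHANUMERIC_REGEXP` line already carries a comment of that kind.
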
test/ngSanitize/sanitizeSpec.js

+5
@@ -227,10 +227,15 @@ describe('HTML', function() {
227227

228228
it('should be URI', function() {
229229
expect(isUri('http://abc')).toBeTruthy();
230+
expect(isUri('HTTP://abc')).toBeTruthy();
230231
expect(isUri('https://abc')).toBeTruthy();
232+
expect(isUri('HTTPS://abc')).toBeTruthy();
231233
expect(isUri('ftp://abc')).toBeTruthy();
234+
expect(isUri('FTP://abc')).toBeTruthy();
232235
expect(isUri('mailto:me@example.com')).toBeTruthy();
236+
expect(isUri('MAILTO:me@example.com')).toBeTruthy();
233237
expect(isUri('tel:123-123-1234')).toBeTruthy();
238+
expect(isUri('TEL:123-123-1234')).toBeTruthy();
234239
expect(isUri('#anchor')).toBeTruthy();
235240
});
236241

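Review bot: The five added assertions in `should be URI` are all positive and all fully upper-case, so this block does not show that the case-insensitive match leaves rejected input rejected. Add at least one mixed-case accept case such as `isUri('hTtP://abc')` and, in the same spec, a `toBeFalsy()` assertion for an upper-case or mixed-case scheme that is not on the allowlist, so that a later change to `URI_REGEXP` that widens the allowlist fails the test.
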