Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.

Commit b7e82a3

Browse files
btfordbtford
committed
fix($sanitize): sanitize javascript urls with comments
Closes #8274
1 parent 6fdaa3d commit b7e82a3

File tree

2 files changed

+6
-1
lines changed

2 files changed

+6
-1
lines changed

src/ng/sanitizeUri.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
*/
77
function $$SanitizeUriProvider() {
88
var aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/,
9-
imgSrcSanitizationWhitelist = /^\s*(https?|ftp|file|blob):|data:image\//;
9+
imgSrcSanitizationWhitelist = /^\s*((https?|ftp|file|blob):|data:image\/)/;
1010

1111
/**
1212
* @description

test/ng/sanitizeUriSpec.js

+5
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,11 @@ describe('sanitizeUri', function() {
3030
expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:doEvilStuff()');
3131
});
3232

33+
it('should sanitize javascript: urls with comments', function() {
34+
testUrl = "javascript:alert(1)//data:image/";
35+
expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:alert(1)//data:image/');
36+
});
37+
3338
it('should sanitize non-image data: urls', function() {
3439
testUrl = "data:application/javascript;charset=US-ASCII,alert('evil!');";
3540
expect(sanitizeImg(testUrl)).toBe("unsafe:data:application/javascript;charset=US-ASCII,alert('evil!');");

0 commit comments

Comments
 (0)