SQUASH! minor refactoring of interpolate service

Deals with @jbedard's comments.
angular · Dec 20, 2017 · a1611a4 · a1611a4
1 parent b80eca8
commit a1611a4
Showing 1 changed file with 21 additions and 38 deletions.
diff --git a/src/ng/interpolate.js b/src/ng/interpolate.js
@@ -260,12 +260,12 @@ function $InterpolateProvider() {
           endIndex,
           index = 0,
           expressions = [],
-          parseFns = [],
+          parseFns,
           textLength = text.length,
           exp,
           concat = [],
           expressionPositions = [],
-          singleExpression = false,
+          singleExpression,
           contextAllowsConcatenation = isConcatenationAllowed(trustedContext);
 
       while (index < textLength) {
@@ -276,7 +276,6 @@ function $InterpolateProvider() {
           }
           exp = text.substring(startIndex + startSymbolLength, endIndex);
           expressions.push(exp);
-          parseFns.push($parse(exp, parseStringifyInterceptor));
           index = endIndex + endSymbolLength;
           expressionPositions.push(concat.length);
           concat.push(''); // Placeholder that will get replaced with the evaluated expression.
@@ -289,9 +288,10 @@ function $InterpolateProvider() {
         }
       }
 
-      if (concat.length === 1 && expressionPositions.length === 1) {
-        singleExpression = true;
-      }
+      singleExpression = concat.length === 1 && expressionPositions.length === 1;
+      parseFns = contextAllowsConcatenation && singleExpression ?
+                  [$parse(expressions[0])] :
+                  expressions.map(function(exp) { return $parse(exp, parseStringifyInterceptor); });
 
       // Concatenating expressions makes it hard to reason about whether some combination of
       // concatenated values are unsafe to use and could easily lead to XSS.  By requiring that a
@@ -314,32 +314,13 @@ function $InterpolateProvider() {
           }
 
           if (contextAllowsConcatenation) {
-            if (singleExpression) {
-              // The raw value was left as-is by parseStringifyInterceptor
-              return $sce.getTrusted(trustedContext, concat[0]);
-            } else {
-              return $sce.getTrusted(trustedContext, concat.join(''));
-            }
-          } else if (trustedContext) {
-            if (concat.length > 1) {
-              // there's at least two parts, so expr + string or exp + exp, and this context
-              // doesn't allow that.
-              $interpolateMinErr.throwNoconcat(text);
-            } else {
-              return concat.join('');
-            }
-          } else { // In an unprivileged context, just concatenate and return.
-            return concat.join('');
+            return $sce.getTrusted(trustedContext, singleExpression ? concat[0] : concat.join(''));
+          } else if (trustedContext && concat.length > 1) {
+            // This context does not allow more than one part, e.g. expr + string or exp + exp.
+            $interpolateMinErr.throwNoconcat(text);
           }
-        };
-
-        var getValue = function(value) {
-          // In concatenable contexts, getTrusted comes at the end, to avoid sanitizing individual
-          // parts of a full URL. We don't care about losing the trustedness here, that's handled in
-          // parseStringifyInterceptor below.
-          return (trustedContext && !contextAllowsConcatenation) ?
-            $sce.getTrusted(trustedContext, value) :
-            $sce.valueOf(value);
+          // In an unprivileged context or only one part: just concatenate and return.
+          return concat.join('');
         };
 
         return extend(function interpolationFn(context) {
@@ -374,13 +355,15 @@ function $InterpolateProvider() {
 
       function parseStringifyInterceptor(value) {
         try {
-          if (contextAllowsConcatenation && singleExpression) {
-            // No stringification in this case, to keep the trusted value until unwrapping.
-            return value;
-          } else {
-            value = getValue(value);
-            return allOrNothing && !isDefined(value) ? value : stringify(value);
-          }
+          // No stringification in this case, to keep the trusted value until unwrapping.
+          if (contextAllowsConcatenation && singleExpression) return value;
+
+          // In concatenable contexts, getTrusted comes at the end, to avoid sanitizing individual
+          // parts of a full URL. We don't care about losing the trustedness here.
+          value = (trustedContext && !contextAllowsConcatenation) ?
+                    $sce.getTrusted(trustedContext, value) :
+                    $sce.valueOf(value);
+          return allOrNothing && !isDefined(value) ? value : stringify(value);
         } catch (err) {
           $exceptionHandler($interpolateMinErr.interr(text, err));
         }