Skip to content
This repository has been archived by the owner on Apr 12, 2024. It is now read-only.

ngsanitize problems with doctype #3931

Closed
wants to merge 5 commits into from
Closed

ngsanitize problems with doctype #3931

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
3dae51e
Added case for doctype
paolodm Sep 8, 2013
5ab4638
Changed to use regex instead of indexOf
paolodm Sep 8, 2013
855bcfd
Fixed bug with doctype replacement
paolodm Sep 9, 2013
183a078
Removed space at end
paolodm Sep 9, 2013
6dc1f30
Removed unnecessary space.
paolodm Sep 9, 2013
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions src/ngSanitize/sanitize.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,7 @@ var START_TAG_REGEXP = /^<\s*([\w:-]+)((?:\s+[\w:-]+(?:\s*=\s*(?:(?:"[^"]*")|(?:
BEGIN_TAG_REGEXP = /^</,
BEGING_END_TAGE_REGEXP = /^<\s*\//,
COMMENT_REGEXP = /<!--(.*?)-->/g,
DOCTYPE_REGEXP = /<!DOCTYPE(.*?)>/i,
CDATA_REGEXP = /<!\[CDATA\[(.*?)]]>/g,
URI_REGEXP = /^((ftp|https?):\/\/|mailto:|tel:|#)/i,
NON_ALPHANUMERIC_REGEXP = /([^\#-~| |!])/g; // Match everything outside of normal chars and " (quote character)
Expand Down Expand Up @@ -217,7 +218,14 @@ function htmlParser( html, handler ) {
html = html.substring( index + 3 );
chars = false;
}
// DOCTYPE
} else if ( DOCTYPE_REGEXP.test(html) ) {
match = html.match( DOCTYPE_REGEXP );

if ( match ) {
html = html.replace( match[0] , '');
chars = false;
}
// end tag
} else if ( BEGING_END_TAGE_REGEXP.test(html) ) {
match = html.match( END_TAG_REGEXP );
Expand Down
9 changes: 7 additions & 2 deletions test/ngSanitize/sanitizeSpec.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ describe('HTML', function() {
attrs: attrs,
unary: unary
};
// Since different browsers handle newlines differenttly we trim
// Since different browsers handle newlines differently we trim
// so that it is easier to write tests.
angular.forEach(attrs, function(value, key) {
attrs[key] = value.replace(/^\s*/, '').replace(/\s*$/, '')
Expand Down Expand Up @@ -80,6 +80,12 @@ describe('HTML', function() {
expectHTML('a<SCRIPT>evil< / scrIpt >c.').toEqual('ac.');
});

it('should remove DOCTYPE header', function() {
expectHTML('a<!DOCTYPE html>c.').toEqual('ac.');
expectHTML('a<!DocTyPe html>c.').toEqual('ac.');
expectHTML('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">').toEqual('');
});

it('should remove nested script', function() {
expectHTML('a< SCRIPT >A< SCRIPT >evil< / scrIpt >B< / scrIpt >c.').toEqual('ac.');
});
Expand Down Expand Up @@ -287,6 +293,5 @@ describe('HTML', function() {
expect(' &#14; java\u0000\u0000script:alert("D");').not.toBeValidUrl();
});
});

});
});