diff --git a/docs/content/guide/migration.ngdoc b/docs/content/guide/migration.ngdoc index f243eef04a9e..ac76896f6d5e 100644 --- a/docs/content/guide/migration.ngdoc +++ b/docs/content/guide/migration.ngdoc @@ -283,8 +283,8 @@ break. To fix this you need to ensure that the values used for binding to the affected `xlink:href` contexts are considered safe URLs, e.g. by whitelisting them in -`$compileProvider`'s `aHrefSanitizationWhitelist` (for `` elements) or -`imgSrcSanitizationWhitelist` (for `` elements). +`$compileProvider`'s `aHrefSanitizationTrustedUri` (for `` elements) or +`imgSrcSanitizationTrustedUri` (for `` elements).
diff --git a/src/ng/compile.js b/src/ng/compile.js index 92da37dbb07f..c30e1aa530e8 100644 --- a/src/ng/compile.js +++ b/src/ng/compile.js @@ -1116,7 +1116,7 @@ * By default, `$sce` will throw an error if it detects untrusted HTML content, and will not bind the * content. * However, if you include the {@link ngSanitize ngSanitize module}, it will try to sanitize the - * potentially dangerous HTML, e.g. strip non-whitelisted tags and attributes when binding to + * potentially dangerous HTML, e.g. strip non-trusted tags and attributes when binding to * `innerHTML`. * * @example @@ -1698,62 +1698,64 @@ function $CompileProvider($provide, $$sanitizeUriProvider) { /** * @ngdoc method - * @name $compileProvider#aHrefSanitizationWhitelist + * @name $compileProvider#aHrefSanitizationTrustedUri * @kind function * * @description - * Retrieves or overrides the default regular expression that is used for whitelisting of safe + * Retrieves or overrides the default regular expression that is used for determining trusted safe * urls during a[href] sanitization. * * The sanitization is a security measure aimed at preventing XSS attacks via html links. * * Any url about to be assigned to a[href] via data-binding is first normalized and turned into - * an absolute url. Afterwards, the url is matched against the `aHrefSanitizationWhitelist` + * an absolute url. Afterwards, the url is matched against the `aHrefSanitizationTrustedUri` * regular expression. If a match is found, the original url is written into the dom. Otherwise, * the absolute url is prefixed with `'unsafe:'` string and only then is it written into the DOM. * - * @param {RegExp=} regexp New regexp to whitelist urls with. + * @param {RegExp=} regexp New regexp to trust urls with. * @returns {RegExp|ng.$compileProvider} Current RegExp if called without value or self for * chaining otherwise. */ - this.aHrefSanitizationWhitelist = function(regexp) { + this.aHrefSanitizationTrustedUri = function(regexp) { if (isDefined(regexp)) { - $$sanitizeUriProvider.aHrefSanitizationWhitelist(regexp); + $$sanitizeUriProvider.aHrefSanitizationTrustedUri(regexp); return this; } else { - return $$sanitizeUriProvider.aHrefSanitizationWhitelist(); + return $$sanitizeUriProvider.aHrefSanitizationTrustedUri(); } }; + this.aHrefSanitizationWhitelist = this.aHrefSanitizationTrustedUri; /** * @ngdoc method - * @name $compileProvider#imgSrcSanitizationWhitelist + * @name $compileProvider#imgSrcSanitizationTrustedUri * @kind function * * @description - * Retrieves or overrides the default regular expression that is used for whitelisting of safe + * Retrieves or overrides the default regular expression that is used for determining trusted safe * urls during img[src] sanitization. * * The sanitization is a security measure aimed at prevent XSS attacks via html links. * * Any url about to be assigned to img[src] via data-binding is first normalized and turned into - * an absolute url. Afterwards, the url is matched against the `imgSrcSanitizationWhitelist` + * an absolute url. Afterwards, the url is matched against the `imgSrcSanitizationTrustedUri` * regular expression. If a match is found, the original url is written into the dom. Otherwise, * the absolute url is prefixed with `'unsafe:'` string and only then is it written into the DOM. * - * @param {RegExp=} regexp New regexp to whitelist urls with. + * @param {RegExp=} regexp New regexp to trust urls with. * @returns {RegExp|ng.$compileProvider} Current RegExp if called without value or self for * chaining otherwise. */ - this.imgSrcSanitizationWhitelist = function(regexp) { + this.imgSrcSanitizationTrustedUri = function(regexp) { if (isDefined(regexp)) { - $$sanitizeUriProvider.imgSrcSanitizationWhitelist(regexp); + $$sanitizeUriProvider.imgSrcSanitizationTrustedUri(regexp); return this; } else { - return $$sanitizeUriProvider.imgSrcSanitizationWhitelist(); + return $$sanitizeUriProvider.imgSrcSanitizationTrustedUri(); } }; + this.imgSrcSanitizationWhitelist = this.imgSrcSanitizationTrustedUri; /** * @ngdoc method diff --git a/src/ng/sanitizeUri.js b/src/ng/sanitizeUri.js index edda8244e406..fc4ebcaacbb4 100644 --- a/src/ng/sanitizeUri.js +++ b/src/ng/sanitizeUri.js @@ -7,12 +7,12 @@ */ function $$SanitizeUriProvider() { - var aHrefSanitizationWhitelist = /^\s*(https?|s?ftp|mailto|tel|file):/, - imgSrcSanitizationWhitelist = /^\s*((https?|ftp|file|blob):|data:image\/)/; + var aHrefSanitizationTrustedUri = /^\s*(https?|s?ftp|mailto|tel|file):/, + imgSrcSanitizationTrustedUri = /^\s*((https?|ftp|file|blob):|data:image\/)/; /** * @description - * Retrieves or overrides the default regular expression that is used for whitelisting of safe + * Retrieves or overrides the default regular expression that is used for determining trusted safe * urls during a[href] sanitization. * * The sanitization is a security measure aimed at prevent XSS attacks via HTML anchor links. @@ -21,27 +21,27 @@ function $$SanitizeUriProvider() { * the $sce.URL security context. When interpolation occurs a call is made to `$sce.trustAsUrl(url)` * which in turn may call `$$sanitizeUri(url, isMedia)` to sanitize the potentially malicious URL. * - * If the URL matches the `aHrefSanitizationWhitelist` regular expression, it is returned unchanged. + * If the URL matches the `aHrefSanitizationTrustedUri` regular expression, it is returned unchanged. * * If there is no match the URL is returned prefixed with `'unsafe:'` to ensure that when it is written * to the DOM it is inactive and potentially malicious code will not be executed. * - * @param {RegExp=} regexp New regexp to whitelist urls with. + * @param {RegExp=} regexp New regexp to trust urls with. * @returns {RegExp|ng.$compileProvider} Current RegExp if called without value or self for * chaining otherwise. */ - this.aHrefSanitizationWhitelist = function(regexp) { + this.aHrefSanitizationTrustedUri = function(regexp) { if (isDefined(regexp)) { - aHrefSanitizationWhitelist = regexp; + aHrefSanitizationTrustedUri = regexp; return this; } - return aHrefSanitizationWhitelist; + return aHrefSanitizationTrustedUri; }; /** * @description - * Retrieves or overrides the default regular expression that is used for whitelisting of safe + * Retrieves or overrides the default regular expression that is used for determining trusted safe * urls during img[src] sanitization. * * The sanitization is a security measure aimed at prevent XSS attacks via HTML image src links. @@ -51,27 +51,28 @@ function $$SanitizeUriProvider() { * `$sce.trustAsMediaUrl(url)` which in turn may call `$$sanitizeUri(url, isMedia)` to sanitize * the potentially malicious URL. * - * If the URL matches the `aImgSanitizationWhitelist` regular expression, it is returned unchanged. + * If the URL matches the `imgSrcSanitizationTrustedUrlList` regular expression, it is returned + * unchanged. * * If there is no match the URL is returned prefixed with `'unsafe:'` to ensure that when it is written * to the DOM it is inactive and potentially malicious code will not be executed. * - * @param {RegExp=} regexp New regexp to whitelist urls with. + * @param {RegExp=} regexp New regexp to trust urls with. * @returns {RegExp|ng.$compileProvider} Current RegExp if called without value or self for * chaining otherwise. */ - this.imgSrcSanitizationWhitelist = function(regexp) { + this.imgSrcSanitizationTrustedUri = function(regexp) { if (isDefined(regexp)) { - imgSrcSanitizationWhitelist = regexp; + imgSrcSanitizationTrustedUri = regexp; return this; } - return imgSrcSanitizationWhitelist; + return imgSrcSanitizationTrustedUri; }; this.$get = function() { return function sanitizeUri(uri, isMediaUrl) { // if (!uri) return uri; - var regex = isMediaUrl ? imgSrcSanitizationWhitelist : aHrefSanitizationWhitelist; + var regex = isMediaUrl ? imgSrcSanitizationTrustedUri : aHrefSanitizationTrustedUri; var normalizedVal = urlResolve(uri && uri.trim()).href; if (normalizedVal !== '' && !normalizedVal.match(regex)) { return 'unsafe:' + normalizedVal; diff --git a/src/ngSanitize/sanitize.js b/src/ngSanitize/sanitize.js index cebf0228fd88..ed47fcb2394d 100644 --- a/src/ngSanitize/sanitize.js +++ b/src/ngSanitize/sanitize.js @@ -46,7 +46,7 @@ var htmlSanitizeWriter; * it into the returned string. * * The whitelist for URL sanitization of attribute values is configured using the functions - * `aHrefSanitizationWhitelist` and `imgSrcSanitizationWhitelist` of {@link $compileProvider}. + * `aHrefSanitizationTrustedUri` and `imgSrcSanitizationTrustedUri` of {@link $compileProvider}. * * The input may also contain SVG markup if this is enabled via {@link $sanitizeProvider}. * @@ -277,8 +277,8 @@ function $SanitizeProvider() { * **Note**: * The new attributes will not be treated as URI attributes, which means their values will not be * sanitized as URIs using `$compileProvider`'s - * {@link ng.$compileProvider#aHrefSanitizationWhitelist aHrefSanitizationWhitelist} and - * {@link ng.$compileProvider#imgSrcSanitizationWhitelist imgSrcSanitizationWhitelist}. + * {@link ng.$compileProvider#aHrefSanitizationTrustedUri aHrefSanitizationTrustedUri} and + * {@link ng.$compileProvider#imgSrcSanitizationTrustedUri imgSrcSanitizationTrustedUri}. * *
* This method must be called during the {@link angular.Module#config config} phase. Once the diff --git a/test/ng/compileSpec.js b/test/ng/compileSpec.js index 83b607d58b31..ef6b904b11da 100644 --- a/test/ng/compileSpec.js +++ b/test/ng/compileSpec.js @@ -151,30 +151,30 @@ describe('$compile', function() { describe('configuration', function() { - it('should use $$sanitizeUriProvider for reconfiguration of the `aHrefSanitizationWhitelist`', function() { + it('should use $$sanitizeUriProvider for reconfiguration of the `aHrefSanitizationTrustedUri`', function() { module(function($compileProvider, $$sanitizeUriProvider) { var newRe = /safe:/, returnVal; - expect($compileProvider.aHrefSanitizationWhitelist()).toBe($$sanitizeUriProvider.aHrefSanitizationWhitelist()); - returnVal = $compileProvider.aHrefSanitizationWhitelist(newRe); + expect($compileProvider.aHrefSanitizationTrustedUri()).toBe($$sanitizeUriProvider.aHrefSanitizationTrustedUri()); + returnVal = $compileProvider.aHrefSanitizationTrustedUri(newRe); expect(returnVal).toBe($compileProvider); - expect($$sanitizeUriProvider.aHrefSanitizationWhitelist()).toBe(newRe); - expect($compileProvider.aHrefSanitizationWhitelist()).toBe(newRe); + expect($$sanitizeUriProvider.aHrefSanitizationTrustedUri()).toBe(newRe); + expect($compileProvider.aHrefSanitizationTrustedUri()).toBe(newRe); }); inject(function() { // needed to the module definition above is run... }); }); - it('should use $$sanitizeUriProvider for reconfiguration of the `imgSrcSanitizationWhitelist`', function() { + it('should use $$sanitizeUriProvider for reconfiguration of the `imgSrcSanitizationTrustedUri`', function() { module(function($compileProvider, $$sanitizeUriProvider) { var newRe = /safe:/, returnVal; - expect($compileProvider.imgSrcSanitizationWhitelist()).toBe($$sanitizeUriProvider.imgSrcSanitizationWhitelist()); - returnVal = $compileProvider.imgSrcSanitizationWhitelist(newRe); + expect($compileProvider.imgSrcSanitizationTrustedUri()).toBe($$sanitizeUriProvider.imgSrcSanitizationTrustedUri()); + returnVal = $compileProvider.imgSrcSanitizationTrustedUri(newRe); expect(returnVal).toBe($compileProvider); - expect($$sanitizeUriProvider.imgSrcSanitizationWhitelist()).toBe(newRe); - expect($compileProvider.imgSrcSanitizationWhitelist()).toBe(newRe); + expect($$sanitizeUriProvider.imgSrcSanitizationTrustedUri()).toBe(newRe); + expect($compileProvider.imgSrcSanitizationTrustedUri()).toBe(newRe); }); inject(function() { // needed to the module definition above is run... @@ -11334,9 +11334,9 @@ describe('$compile', function() { // IE9 rejects the `video` / `audio` tags with "Error: Not implemented" if (msie !== 9 || tag === 'img') { describe(tag + '[src] context requirement', function() { - it('should NOT require trusted values for whitelisted URIs', inject(function($rootScope, $compile) { + it('should NOT require trusted values for trusted URIs', inject(function($rootScope, $compile) { element = $compile('<' + tag + ' src="{{testUrl}}">')($rootScope); - $rootScope.testUrl = 'http://example.com/image.mp4'; // `http` is whitelisted + $rootScope.testUrl = 'http://example.com/image.mp4'; // `http` is trusted $rootScope.$digest(); expect(element.attr('src')).toEqual('http://example.com/image.mp4'); })); @@ -11372,9 +11372,9 @@ describe('$compile', function() { if (msie !== 9) { ['source', 'track'].forEach(function(tag) { describe(tag + '[src]', function() { - it('should NOT require trusted values for whitelisted URIs', inject(function($rootScope, $compile) { + it('should NOT require trusted values for trusted URIs', inject(function($rootScope, $compile) { element = $compile('')($rootScope); - $rootScope.testUrl = 'http://example.com/image.mp4'; // `http` is whitelisted + $rootScope.testUrl = 'http://example.com/image.mp4'; // `http` is trusted $rootScope.$digest(); expect(element.find(tag).attr('src')).toEqual('http://example.com/image.mp4'); })); @@ -11509,14 +11509,14 @@ describe('$compile', function() { }); }); - it('should NOT require trusted values for whitelisted values', inject(function($rootScope, $compile, $sce) { + it('should NOT require trusted values for trusted URI values', inject(function($rootScope, $compile, $sce) { element = $compile('')($rootScope); - $rootScope.testUrl = 'http://example.com/image.png'; // `http` is whitelisted + $rootScope.testUrl = 'http://example.com/image.png'; // `http` is trusted $rootScope.$digest(); expect(element.attr('srcset')).toEqual('http://example.com/image.png'); })); - it('should accept trusted values, if they are also whitelisted', inject(function($rootScope, $compile, $sce) { + it('should accept trusted values, if they are also trusted URIs', inject(function($rootScope, $compile, $sce) { element = $compile('')($rootScope); $rootScope.testUrl = $sce.trustAsUrl('http://example.com'); $rootScope.$digest(); @@ -11602,8 +11602,8 @@ describe('$compile', function() { }); describe('a[href] sanitization', function() { - it('should NOT require trusted values for whitelisted values', inject(function($rootScope, $compile) { - $rootScope.testUrl = 'http://example.com/image.png'; // `http` is whitelisted + it('should NOT require trusted values for trusted URI values', inject(function($rootScope, $compile) { + $rootScope.testUrl = 'http://example.com/image.png'; // `http` is trusted element = $compile('')($rootScope); $rootScope.$digest(); expect(element.attr('href')).toEqual('http://example.com/image.png'); @@ -11613,8 +11613,8 @@ describe('$compile', function() { expect(element.attr('ng-href')).toEqual('http://example.com/image.png'); })); - it('should accept trusted values for non-whitelisted values', inject(function($rootScope, $compile, $sce) { - $rootScope.testUrl = $sce.trustAsUrl('javascript:foo()'); // `javascript` is not whitelisted + it('should accept trusted values for non-trusted URI values', inject(function($rootScope, $compile, $sce) { + $rootScope.testUrl = $sce.trustAsUrl('javascript:foo()'); // `javascript` is not trusted element = $compile('')($rootScope); $rootScope.$digest(); expect(element.attr('href')).toEqual('javascript:foo()'); @@ -11624,8 +11624,8 @@ describe('$compile', function() { expect(element.attr('ng-href')).toEqual('javascript:foo()'); })); - it('should sanitize non-whitelisted values', inject(function($rootScope, $compile) { - $rootScope.testUrl = 'javascript:foo()'; // `javascript` is not whitelisted + it('should sanitize non-trusted values', inject(function($rootScope, $compile) { + $rootScope.testUrl = 'javascript:foo()'; // `javascript` is not trusted element = $compile('')($rootScope); $rootScope.$digest(); expect(element.attr('href')).toEqual('unsafe:javascript:foo()'); @@ -11678,7 +11678,7 @@ describe('$compile', function() { $provide.value('$$sanitizeUri', $$sanitizeUri); }); inject(function($compile, $rootScope) { - // This URL would fail the RESOURCE_URL whitelist, but that test shouldn't be run + // This URL would fail the RESOURCE_URL trusted list, but that test shouldn't be run // because these interpolations will be resolved against the URL context instead $rootScope.testUrl = 'https://bad.example.org'; @@ -11700,7 +11700,7 @@ describe('$compile', function() { $provide.value('$$sanitizeUri', $$sanitizeUri); }); inject(function($compile, $rootScope) { - // This URL would fail the RESOURCE_URL whitelist, but that test shouldn't be run + // This URL would fail the RESOURCE_URL trusted list, but that test shouldn't be run // because these interpolations will be resolved against the URL context instead $rootScope.testUrl = 'https://bad.example.org'; diff --git a/test/ng/sanitizeUriSpec.js b/test/ng/sanitizeUriSpec.js index c5ca4c5d040f..bd51aa6855e7 100644 --- a/test/ng/sanitizeUriSpec.js +++ b/test/ng/sanitizeUriSpec.js @@ -125,10 +125,10 @@ describe('sanitizeUri', function() { expect(sanitizeImg(testUrl)).toBe('data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=='); }); - it('should allow reconfiguration of the src whitelist', function() { + it('should allow reconfiguration of the src trusted URIs', function() { var returnVal; - expect(sanitizeUriProvider.imgSrcSanitizationWhitelist() instanceof RegExp).toBe(true); - returnVal = sanitizeUriProvider.imgSrcSanitizationWhitelist(/javascript:/); + expect(sanitizeUriProvider.imgSrcSanitizationTrustedUri() instanceof RegExp).toBe(true); + returnVal = sanitizeUriProvider.imgSrcSanitizationTrustedUri(/javascript:/); expect(returnVal).toBe(sanitizeUriProvider); testUrl = 'javascript:doEvilStuff()'; @@ -226,10 +226,10 @@ describe('sanitizeUri', function() { expect(sanitizeHref(testUrl)).toBe('file:///foo/bar.html'); })); - it('should allow reconfiguration of the href whitelist', function() { + it('should allow reconfiguration of the href trusted URIs', function() { var returnVal; - expect(sanitizeUriProvider.aHrefSanitizationWhitelist() instanceof RegExp).toBe(true); - returnVal = sanitizeUriProvider.aHrefSanitizationWhitelist(/javascript:/); + expect(sanitizeUriProvider.aHrefSanitizationTrustedUri() instanceof RegExp).toBe(true); + returnVal = sanitizeUriProvider.aHrefSanitizationTrustedUri(/javascript:/); expect(returnVal).toBe(sanitizeUriProvider); testUrl = 'javascript:doEvilStuff()';