mirror of
https://github.com/Hopiu/angular.js.git
synced 2026-03-29 04:20:30 +00:00
a380fc4624
Transferred from https://github.com/angular/angular.js/wiki/Using-AngularJS-in-a-Chrome-Extension-environment
43 lines
1.3 KiB
JavaScript
43 lines
1.3 KiB
JavaScript
'use strict';
|
|
|
|
/**
|
|
* @ngdoc directive
|
|
* @name ng.directive:ngCsp
|
|
* @priority 1000
|
|
*
|
|
* @element html
|
|
* @description
|
|
* Enables [CSP (Content Security Policy)](https://developer.mozilla.org/en/Security/CSP) support.
|
|
*
|
|
* This is necessary when developing things like Google Chrome Extensions.
|
|
*
|
|
* CSP forbids apps to use `eval` or `Function(string)` generated functions (among other things).
|
|
* For us to be compatible, we just need to implement the "getterFn" in $parse without violating
|
|
* any of these restrictions.
|
|
*
|
|
* AngularJS uses `Function(string)` generated functions as a speed optimization. By applying `ngCsp`
|
|
* it is be possible to opt into the CSP compatible mode. When this mode is on AngularJS will
|
|
* evaluate all expressions up to 30% slower than in non-CSP mode, but no security violations will
|
|
* be raised.
|
|
*
|
|
* In order to use this feature put `ngCsp` directive on the root element of the application.
|
|
*
|
|
* @example
|
|
* This example shows how to apply the `ngCsp` directive to the `html` tag.
|
|
<pre>
|
|
<!doctype html>
|
|
<html ng-app ng-csp>
|
|
...
|
|
...
|
|
</html>
|
|
</pre>
|
|
*/
|
|
|
|
var ngCspDirective = ['$sniffer', function($sniffer) {
|
|
return {
|
|
priority: 1000,
|
|
compile: function() {
|
|
$sniffer.csp = true;
|
|
}
|
|
};
|
|
}];
|