Hopiu/angular.js
1
0
Fork 0
mirror of https://github.com/Hopiu/angular.js.git synced 2026-03-16 23:30:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
angular.js/test/testabilityPatch.js
Misko Hevery 4fdab37659 create HTML sanitizer to allow inclusion of untrusted HTML in safe manner. 
Sanitization works in two phases:
 1) We parse the HTML into sax-like events (start, end, chars).
    HTML parsing is very complex, and so it may very well be that what
    most browser consider valid HTML may not pares properly here,
    but we do best effort. We treat this parser as untrusted.
 2) We have safe sanitizeWriter which treats its input (start, end, chars)
    as untrusted content and escapes everything. It only allows elements
    in the whitelist and only allows attributes which are whitelisted.
    Any attribute value must not start with 'javascript:'. This check
    is performed after escaping for entity (&xAB; etc..) and ignoring
    any whitespace.

 - Correct linky filter to use safeHtmlWriter
 - Correct html filter to use safeHtmlWriter

Close #33; Close #34
2010-10-26 13:41:07 -07:00

210 lines
5.6 KiB
JavaScript
Raw Blame History

/**
* Here is the problem: http://bugs.jquery.com/ticket/7292
* basically jQuery treats change event on some browsers (IE) as a
* special event and changes it form 'change' to 'click/keyup' and
* few others. This horrible hack removes the special treatment
*/
_jQuery.event.special.change = undefined;
if (window.jstestdriver) {
jstd = jstestdriver;
dump = bind(jstd.console, jstd.console.log);
}
beforeEach(function(){
this.addMatchers({
toBeInvalid: function(){
var element = jqLite(this.actual);
var hasClass = element.hasClass('ng-validation-error');
var validationError = element.attr('ng-validation-error');
this.message = function(){
if (!hasClass)
return "Expected class 'ng-validation-error' not found.";
return "Expected an error message, but none was found.";
};
return hasClass && validationError;
},
toBeValid: function(){
var element = jqLite(this.actual);
var hasClass = element.hasClass('ng-validation-error');
this.message = function(){
return "Expected to not have class 'ng-validation-error' but found.";
};
return !hasClass;
},
toEqualData: function(expected) {
return equals(this.actual, expected);
},
toHaveClass: function(clazz) {
this.message = function(){
return "Expected '" + sortedHtml(this.actual) + "' to have class '" + clazz + "'.";
};
return this.actual.hasClass ?
this.actual.hasClass(clazz) :
jqLite(this.actual).hasClass(clazz);
}
});
});
function nakedExpect(obj) {
return expect(angular.fromJson(angular.toJson(obj)));
}
function childNode(element, index) {
return jqLite(element[0].childNodes[index]);
}
extend(angular, {
'element': jqLite,
'compile': compile,
'scope': createScope,
'copy': copy,
'extend': extend,
'equals': equals,
'foreach': foreach,
'noop':noop,
'bind':bind,
'toJson': toJson,
'fromJson': fromJson,
'identity':identity,
'isUndefined': isUndefined,
'isDefined': isDefined,
'isString': isString,
'isFunction': isFunction,
'isObject': isObject,
'isNumber': isNumber,
'isArray': isArray
});
function sortedHtml(element) {
var html = "";
foreach(jqLite(element), function toString(node) {
if (node.nodeName == "#text") {
html += node.nodeValue.
replace(/&(\w+[&;\W])?/g, function(match, entity){return entity?match:'&';}).
replace(/</g, '&lt;').
replace(/>/g, '&gt;');
} else {
html += '<' + node.nodeName.toLowerCase();
var attributes = node.attributes || [];
var attrs = [];
if (node.className)
attrs.push(' class="' + node.className + '"');
for(var i=0; i<attributes.length; i++) {
var attr = attributes[i];
if(attr.name.match(/^ng:/) ||
attr.value &&
attr.value !='null' &&
attr.value !='auto' &&
attr.value !='false' &&
attr.value !='inherit' &&
attr.value !='0' &&
attr.name !='loop' &&
attr.name !='complete' &&
attr.name !='maxLength' &&
attr.name !='size' &&
attr.name !='class' &&
attr.name !='start' &&
attr.name !='tabIndex' &&
attr.name !='style' &&
attr.name.substr(0, 6) != 'jQuery') {
// in IE we need to check for all of these.
if (!/ng-\d+/.exec(attr.name))
attrs.push(' ' + attr.name + '="' + attr.value + '"');
}
}
attrs.sort();
html += attrs.join('');
if (node.style) {
var style = [];
if (node.style.cssText) {
foreach(node.style.cssText.split(';'), function(value){
value = trim(value);
if (value) {
style.push(lowercase(value));
}
});
}
for(var css in node.style){
var value = node.style[css];
if (isString(value) && isString(css) && css != 'cssText' && value && (1*css != css)) {
var text = lowercase(css + ': ' + value);
if (value != 'false' && indexOf(style, text) == -1) {
style.push(text);
}
}
}
style.sort();
var tmp = style;
style = [];
foreach(tmp, function(value){
if (!value.match(/^max[^\-]/))
style.push(value);
});
if (style.length) {
html += ' style="' + style.join('; ') + ';"';
}
}
html += '>';
var children = node.childNodes;
for(var j=0; j<children.length; j++) {
toString(children[j]);
}
html += '</' + node.nodeName.toLowerCase() + '>';
}
});
return html;
}
function isCssVisible(node) {
var display = node.css('display');
if (display == 'block') display = "";
return display != 'none';
}
function assertHidden(node) {
assertFalse("Node should be hidden but vas visible: " + sortedHtml(node), isCssVisible(node));
}
function assertVisible(node) {
assertTrue("Node should be visible but vas hidden: " + sortedHtml(node), isCssVisible(node));
}
function assertJsonEquals(expected, actual) {
assertEquals(toJson(expected), toJson(actual));
}
function assertUndefined(value) {
assertEquals('undefined', typeof value);
}
function assertDefined(value) {
assertTrue(toJson(value), !!value);
}
function assertThrows(error, fn){
var exception = null;
try {
fn();
} catch(e) {
exception = e;
}
if (!exception) {
fail("Expecting exception, none thrown");
}
assertEquals(error, exception);
}
log = noop;
error = noop;
function rethrow(e) {
if(e) {
throw e;
}
}
Reference in a new issue View git blame Copy permalink