Hopiu/angular.js
1
0
Fork 0
mirror of https://github.com/Hopiu/angular.js.git synced 2026-03-16 23:30:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
angular.js/test/ng/directive/ngBindSpec.js
Chirayu Krishnappa dae694739b feat(ngBindHtml, sce): combine ng-bind-html and ng-bind-html-unsafe 
Changes:
- remove ng-bind-html-unsafe
- ng-bind-html is now in core
- ng-bind-html is secure
  - supports SCE - so you can bind to an arbitrary trusted string
  - automatic sanitization if $sanitize is available

BREAKING CHANGE:
  ng-html-bind-unsafe has been removed and replaced by ng-html-bind
  (which has been removed from ngSanitize.)  ng-bind-html provides
  ng-html-bind-unsafe like behavior (innerHTML's the result without
  sanitization) when bound to the result of $sce.trustAsHtml(string).
  When bound to a plain string, the string is sanitized via $sanitize
  before being innerHTML'd.  If $sanitize isn't available, it's logs an
  exception.
2013-07-25 14:29:56 -07:00

118 lines
4.1 KiB
JavaScript
Raw Blame History

'use strict';
describe('ngBind*', function() {
var element;
afterEach(function() {
dealoc(element);
});
describe('ngBind', function() {
it('should set text', inject(function($rootScope, $compile) {
element = $compile('<div ng-bind="a"></div>')($rootScope);
expect(element.text()).toEqual('');
$rootScope.a = 'misko';
$rootScope.$digest();
expect(element.hasClass('ng-binding')).toEqual(true);
expect(element.text()).toEqual('misko');
}));
it('should set text to blank if undefined', inject(function($rootScope, $compile) {
element = $compile('<div ng-bind="a"></div>')($rootScope);
$rootScope.a = 'misko';
$rootScope.$digest();
expect(element.text()).toEqual('misko');
$rootScope.a = undefined;
$rootScope.$digest();
expect(element.text()).toEqual('');
$rootScope.a = null;
$rootScope.$digest();
expect(element.text()).toEqual('');
}));
it('should suppress rendering of falsy values', inject(function($rootScope, $compile) {
element = $compile('<div><span ng-bind="null"></span>' +
'<span ng-bind="undefined"></span>' +
'<span ng-bind="\'\'"></span>-' +
'<span ng-bind="0"></span>' +
'<span ng-bind="false"></span>' +
'</div>')($rootScope);
$rootScope.$digest();
expect(element.text()).toEqual('-0false');
}));
});
describe('ngBindTemplate', function() {
it('should ngBindTemplate', inject(function($rootScope, $compile) {
element = $compile('<div ng-bind-template="Hello {{name}}!"></div>')($rootScope);
$rootScope.name = 'Misko';
$rootScope.$digest();
expect(element.hasClass('ng-binding')).toEqual(true);
expect(element.text()).toEqual('Hello Misko!');
}));
it('should render object as JSON ignore $$', inject(function($rootScope, $compile) {
element = $compile('<pre>{{ {key:"value", $$key:"hide"} }}</pre>')($rootScope);
$rootScope.$digest();
expect(fromJson(element.text())).toEqual({key:'value'});
}));
});
describe('ngBindHtml', function() {
describe('SCE disabled', function() {
beforeEach(function() {
module(function($sceProvider) { $sceProvider.enabled(false); });
});
it('should set html', inject(function($rootScope, $compile) {
element = $compile('<div ng-bind-html="html"></div>')($rootScope);
$rootScope.html = '<div onclick="">hello</div>';
$rootScope.$digest();
expect(angular.lowercase(element.html())).toEqual('<div onclick="">hello</div>');
}));
});
describe('SCE enabled', function() {
it('should NOT set html for untrusted values', inject(function($rootScope, $compile) {
element = $compile('<div ng-bind-html="html"></div>')($rootScope);
$rootScope.html = '<div onclick="">hello</div>';
expect($rootScope.$digest).toThrow();
}));
it('should NOT set html for wrongly typed values', inject(function($rootScope, $compile, $sce) {
element = $compile('<div ng-bind-html="html"></div>')($rootScope);
$rootScope.html = $sce.trustAsCss('<div onclick="">hello</div>');
expect($rootScope.$digest).toThrow();
}));
it('should set html for trusted values', inject(function($rootScope, $compile, $sce) {
element = $compile('<div ng-bind-html="html"></div>')($rootScope);
$rootScope.html = $sce.trustAsHtml('<div onclick="">hello</div>');
$rootScope.$digest();
expect(angular.lowercase(element.html())).toEqual('<div onclick="">hello</div>');
}));
describe('when $sanitize is available', function() {
beforeEach(function() { module('ngSanitize'); });
it('should sanitize untrusted html', inject(function($rootScope, $compile) {
element = $compile('<div ng-bind-html="html"></div>')($rootScope);
$rootScope.html = '<div onclick="">hello</div>';
$rootScope.$digest();
expect(angular.lowercase(element.html())).toEqual('<div>hello</div>');
}));
});
});
});
});
Reference in a new issue View git blame Copy permalink