Home Explore Help
Register Sign In
root
/
iTDM-web
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5f72b95528
Branches Tags
iTDM-web
/
itdmWeb
/
public
/
static
/
editor-app
/
libs
/
angular-sanitize_1.2.13
/
angular-sanitize.js

angular-sanitize.js 20 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626 
  1. /**
    2. 

  2.  * @license AngularJS v1.2.13
    3. 

  3.  * (c) 2010-2014 Google, Inc. http://angularjs.org
    4. 

  4.  * License: MIT
    5. 

  5.  */
    6. 

  6. (function(window, angular, undefined) {'use strict';
    7. 

  7. 

  8. var $sanitizeMinErr = angular.$$minErr('$sanitize');
    9. 

  9. 

  10. /**
    11. 

  11.  * @ngdoc overview
    12. 

  12.  * @name ngSanitize
    13. 

  13.  * @description
    14. 

  14.  *
    15. 

  15.  * # ngSanitize
    16. 

  16.  *
    17. 

  17.  * The `ngSanitize` module provides functionality to sanitize HTML.
    18. 

  18.  *
    19. 

  19.  * {@installModule sanitize}
    20. 

  20.  *
    21. 

  21.  * <div doc-module-components="ngSanitize"></div>
    22. 

  22.  *
    23. 

  23.  * See {@link ngSanitize.$sanitize `$sanitize`} for usage.
    24. 

  24.  */
    25. 

  25. 

  26. /*
    27. 

  27.  * HTML Parser By Misko Hevery (misko@hevery.com)
    28. 

  28.  * based on:  HTML Parser By John Resig (ejohn.org)
    29. 

  29.  * Original code by Erik Arvidsson, Mozilla Public License
    30. 

  30.  * http://erik.eae.net/simplehtmlparser/simplehtmlparser.js
    31. 

  31.  *
    32. 

  32.  * // Use like so:
    33. 

  33.  * htmlParser(htmlString, {
    34. 

  34.  *     start: function(tag, attrs, unary) {},
    35. 

  35.  *     end: function(tag) {},
    36. 

  36.  *     chars: function(text) {},
    37. 

  37.  *     comment: function(text) {}
    38. 

  38.  * });
    39. 

  39.  *
    40. 

  40.  */
    41. 

  41. 

  42. 

  43. /**
    44. 

  44.  * @ngdoc service
    45. 

  45.  * @name ngSanitize.$sanitize
    46. 

  46.  * @function
    47. 

  47.  *
    48. 

  48.  * @description
    49. 

  49.  *   The input is sanitized by parsing the html into tokens. All safe tokens (from a whitelist) are
    50. 

  50.  *   then serialized back to properly escaped html string. This means that no unsafe input can make
    51. 

  51.  *   it into the returned string, however, since our parser is more strict than a typical browser
    52. 

  52.  *   parser, it's possible that some obscure input, which would be recognized as valid HTML by a
    53. 

  53.  *   browser, won't make it through the sanitizer.
    54. 

  54.  *   The whitelist is configured using the functions `aHrefSanitizationWhitelist` and
    55. 

  55.  *   `imgSrcSanitizationWhitelist` of {@link ng.$compileProvider `$compileProvider`}.
    56. 

  56.  *
    57. 

  57.  * @param {string} html Html input.
    58. 

  58.  * @returns {string} Sanitized html.
    59. 

  59.  *
    60. 

  60.  * @example
    61. 

  61.    <doc:example module="ngSanitize">
    62. 

  62.    <doc:source>
    63. 

  63.      <script>
    64. 

  64.        function Ctrl($scope, $sce) {
    65. 

  65.          $scope.snippet =
    66. 

  66.            '<p style="color:blue">an html\n' +
    67. 

  67.            '<em onmouseover="this.textContent=\'PWN3D!\'">click here</em>\n' +
    68. 

  68.            'snippet</p>';
    69. 

  69.          $scope.deliberatelyTrustDangerousSnippet = function() {
    70. 

  70.            return $sce.trustAsHtml($scope.snippet);
    71. 

  71.          };
    72. 

  72.        }
    73. 

  73.      </script>
    74. 

  74.      <div ng-controller="Ctrl">
    75. 

  75.         Snippet: <textarea ng-model="snippet" cols="60" rows="3"></textarea>
    76. 

  76.        <table>
    77. 

  77.          <tr>
    78. 

  78.            <td>Directive</td>
    79. 

  79.            <td>How</td>
    80. 

  80.            <td>Source</td>
    81. 

  81.            <td>Rendered</td>
    82. 

  82.          </tr>
    83. 

  83.          <tr id="bind-html-with-sanitize">
    84. 

  84.            <td>ng-bind-html</td>
    85. 

  85.            <td>Automatically uses $sanitize</td>
    86. 

  86.            <td><pre>&lt;div ng-bind-html="snippet"&gt;<br/>&lt;/div&gt;</pre></td>
    87. 

  87.            <td><div ng-bind-html="snippet"></div></td>
    88. 

  88.          </tr>
    89. 

  89.          <tr id="bind-html-with-trust">
    90. 

  90.            <td>ng-bind-html</td>
    91. 

  91.            <td>Bypass $sanitize by explicitly trusting the dangerous value</td>
    92. 

  92.            <td>
    93. 

  93.            <pre>&lt;div ng-bind-html="deliberatelyTrustDangerousSnippet()"&gt;
    94. 

  94. &lt;/div&gt;</pre>
    95. 

  95.            </td>
    96. 

  96.            <td><div ng-bind-html="deliberatelyTrustDangerousSnippet()"></div></td>
    97. 

  97.          </tr>
    98. 

  98.          <tr id="bind-default">
    99. 

  99.            <td>ng-bind</td>
    100. 

  100.            <td>Automatically escapes</td>
    101. 

  101.            <td><pre>&lt;div ng-bind="snippet"&gt;<br/>&lt;/div&gt;</pre></td>
    102. 

  102.            <td><div ng-bind="snippet"></div></td>
    103. 

  103.          </tr>
    104. 

  104.        </table>
    105. 

  105.        </div>
    106. 

  106.    </doc:source>
    107. 

  107.    <doc:protractor>
    108. 

  108.      it('should sanitize the html snippet by default', function() {
    109. 

  109.        expect(element(by.css('#bind-html-with-sanitize div')).getInnerHtml()).
    110. 

  110.          toBe('<p>an html\n<em>click here</em>\nsnippet</p>');
    111. 

  111.      });
    112. 

  112. 

  113.      it('should inline raw snippet if bound to a trusted value', function() {
    114. 

  114.        expect(element(by.css('#bind-html-with-trust div')).getInnerHtml()).
    115. 

  115.          toBe("<p style=\"color:blue\">an html\n" +
    116. 

  116.               "<em onmouseover=\"this.textContent='PWN3D!'\">click here</em>\n" +
    117. 

  117.               "snippet</p>");
    118. 

  118.      });
    119. 

  119. 

  120.      it('should escape snippet without any filter', function() {
    121. 

  121.        expect(element(by.css('#bind-default div')).getInnerHtml()).
    122. 

  122.          toBe("&lt;p style=\"color:blue\"&gt;an html\n" +
    123. 

  123.               "&lt;em onmouseover=\"this.textContent='PWN3D!'\"&gt;click here&lt;/em&gt;\n" +
    124. 

  124.               "snippet&lt;/p&gt;");
    125. 

  125.      });
    126. 

  126. 

  127.      it('should update', function() {
    128. 

  128.        element(by.model('snippet')).clear();
    129. 

  129.        element(by.model('snippet')).sendKeys('new <b onclick="alert(1)">text</b>');
    130. 

  130.        expect(element(by.css('#bind-html-with-sanitize div')).getInnerHtml()).
    131. 

  131.          toBe('new <b>text</b>');
    132. 

  132.        expect(element(by.css('#bind-html-with-trust div')).getInnerHtml()).toBe(
    133. 

  133.          'new <b onclick="alert(1)">text</b>');
    134. 

  134.        expect(element(by.css('#bind-default div')).getInnerHtml()).toBe(
    135. 

  135.          "new &lt;b onclick=\"alert(1)\"&gt;text&lt;/b&gt;");
    136. 

  136.      });
    137. 

  137.    </doc:protractor>
    138. 

  138.    </doc:example>
    139. 

  139.  */
    140. 

  140. function $SanitizeProvider() {
    141. 

  141.   this.$get = ['$$sanitizeUri', function($$sanitizeUri) {
    142. 

  142.     return function(html) {
    143. 

  143.       var buf = [];
    144. 

  144.       htmlParser(html, htmlSanitizeWriter(buf, function(uri, isImage) {
    145. 

  145.         return !/^unsafe/.test($$sanitizeUri(uri, isImage));
    146. 

  146.       }));
    147. 

  147.       return buf.join('');
    148. 

  148.     };
    149. 

  149.   }];
    150. 

  150. }
    151. 

  151. 

  152. function sanitizeText(chars) {
    153. 

  153.   var buf = [];
    154. 

  154.   var writer = htmlSanitizeWriter(buf, angular.noop);
    155. 

  155.   writer.chars(chars);
    156. 

  156.   return buf.join('');
    157. 

  157. }
    158. 

  158. 

  159. 

  160. // Regular Expressions for parsing tags and attributes
    161. 

  161. var START_TAG_REGEXP =
    162. 

  162.        /^<\s*([\w:-]+)((?:\s+[\w:-]+(?:\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|[^>\s]+))?)*)\s*(\/?)\s*>/,
    163. 

  163.   END_TAG_REGEXP = /^<\s*\/\s*([\w:-]+)[^>]*>/,
    164. 

  164.   ATTR_REGEXP = /([\w:-]+)(?:\s*=\s*(?:(?:"((?:[^"])*)")|(?:'((?:[^'])*)')|([^>\s]+)))?/g,
    165. 

  165.   BEGIN_TAG_REGEXP = /^</,
    166. 

  166.   BEGING_END_TAGE_REGEXP = /^<\s*\//,
    167. 

  167.   COMMENT_REGEXP = /<!--(.*?)-->/g,
    168. 

  168.   DOCTYPE_REGEXP = /<!DOCTYPE([^>]*?)>/i,
    169. 

  169.   CDATA_REGEXP = /<!\[CDATA\[(.*?)]]>/g,
    170. 

  170.   // Match everything outside of normal chars and " (quote character)
    171. 

  171.   NON_ALPHANUMERIC_REGEXP = /([^\#-~| |!])/g;
    172. 

  172. 

  173. 

  174. // Good source of info about elements and attributes
    175. 

  175. // http://dev.w3.org/html5/spec/Overview.html#semantics
    176. 

  176. // http://simon.html5.org/html-elements
    177. 

  177. 

  178. // Safe Void Elements - HTML5
    179. 

  179. // http://dev.w3.org/html5/spec/Overview.html#void-elements
    180. 

  180. var voidElements = makeMap("area,br,col,hr,img,wbr");
    181. 

  181. 

  182. // Elements that you can, intentionally, leave open (and which close themselves)
    183. 

  183. // http://dev.w3.org/html5/spec/Overview.html#optional-tags
    184. 

  184. var optionalEndTagBlockElements = makeMap("colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr"),
    185. 

  185.     optionalEndTagInlineElements = makeMap("rp,rt"),
    186. 

  186.     optionalEndTagElements = angular.extend({},
    187. 

  187.                                             optionalEndTagInlineElements,
    188. 

  188.                                             optionalEndTagBlockElements);
    189. 

  189. 

  190. // Safe Block Elements - HTML5
    191. 

  191. var blockElements = angular.extend({}, optionalEndTagBlockElements, makeMap("address,article," +
    192. 

  192.         "aside,blockquote,caption,center,del,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5," +
    193. 

  193.         "h6,header,hgroup,hr,ins,map,menu,nav,ol,pre,script,section,table,ul"));
    194. 

  194. 

  195. // Inline Elements - HTML5
    196. 

  196. var inlineElements = angular.extend({}, optionalEndTagInlineElements, makeMap("a,abbr,acronym,b," +
    197. 

  197.         "bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,q,ruby,rp,rt,s," +
    198. 

  198.         "samp,small,span,strike,strong,sub,sup,time,tt,u,var"));
    199. 

  199. 

  200. 

  201. // Special Elements (can contain anything)
    202. 

  202. var specialElements = makeMap("script,style");
    203. 

  203. 

  204. var validElements = angular.extend({},
    205. 

  205.                                    voidElements,
    206. 

  206.                                    blockElements,
    207. 

  207.                                    inlineElements,
    208. 

  208.                                    optionalEndTagElements);
    209. 

  209. 

  210. //Attributes that have href and hence need to be sanitized
    211. 

  211. var uriAttrs = makeMap("background,cite,href,longdesc,src,usemap");
    212. 

  212. var validAttrs = angular.extend({}, uriAttrs, makeMap(
    213. 

  213.     'abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,'+
    214. 

  214.     'color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,'+
    215. 

  215.     'ismap,lang,language,nohref,nowrap,rel,rev,rows,rowspan,rules,'+
    216. 

  216.     'scope,scrolling,shape,size,span,start,summary,target,title,type,'+
    217. 

  217.     'valign,value,vspace,width'));
    218. 

  218. 

  219. function makeMap(str) {
    220. 

  220.   var obj = {}, items = str.split(','), i;
    221. 

  221.   for (i = 0; i < items.length; i++) obj[items[i]] = true;
    222. 

  222.   return obj;
    223. 

  223. }
    224. 

  224. 

  225. 

  226. /**
    227. 

  227.  * @example
    228. 

  228.  * htmlParser(htmlString, {
    229. 

  229.  *     start: function(tag, attrs, unary) {},
    230. 

  230.  *     end: function(tag) {},
    231. 

  231.  *     chars: function(text) {},
    232. 

  232.  *     comment: function(text) {}
    233. 

  233.  * });
    234. 

  234.  *
    235. 

  235.  * @param {string} html string
    236. 

  236.  * @param {object} handler
    237. 

  237.  */
    238. 

  238. function htmlParser( html, handler ) {
    239. 

  239.   var index, chars, match, stack = [], last = html;
    240. 

  240.   stack.last = function() { return stack[ stack.length - 1 ]; };
    241. 

  241. 

  242.   while ( html ) {
    243. 

  243.     chars = true;
    244. 

  244. 

  245.     // Make sure we're not in a script or style element
    246. 

  246.     if ( !stack.last() || !specialElements[ stack.last() ] ) {
    247. 

  247. 

  248.       // Comment
    249. 

  249.       if ( html.indexOf("<!--") === 0 ) {
    250. 

  250.         // comments containing -- are not allowed unless they terminate the comment
    251. 

  251.         index = html.indexOf("--", 4);
    252. 

  252. 

  253.         if ( index >= 0 && html.lastIndexOf("-->", index) === index) {
    254. 

  254.           if (handler.comment) handler.comment( html.substring( 4, index ) );
    255. 

  255.           html = html.substring( index + 3 );
    256. 

  256.           chars = false;
    257. 

  257.         }
    258. 

  258.       // DOCTYPE
    259. 

  259.       } else if ( DOCTYPE_REGEXP.test(html) ) {
    260. 

  260.         match = html.match( DOCTYPE_REGEXP );
    261. 

  261. 

  262.         if ( match ) {
    263. 

  263.           html = html.replace( match[0] , '');
    264. 

  264.           chars = false;
    265. 

  265.         }
    266. 

  266.       // end tag
    267. 

  267.       } else if ( BEGING_END_TAGE_REGEXP.test(html) ) {
    268. 

  268.         match = html.match( END_TAG_REGEXP );
    269. 

  269. 

  270.         if ( match ) {
    271. 

  271.           html = html.substring( match[0].length );
    272. 

  272.           match[0].replace( END_TAG_REGEXP, parseEndTag );
    273. 

  273.           chars = false;
    274. 

  274.         }
    275. 

  275. 

  276.       // start tag
    277. 

  277.       } else if ( BEGIN_TAG_REGEXP.test(html) ) {
    278. 

  278.         match = html.match( START_TAG_REGEXP );
    279. 

  279. 

  280.         if ( match ) {
    281. 

  281.           html = html.substring( match[0].length );
    282. 

  282.           match[0].replace( START_TAG_REGEXP, parseStartTag );
    283. 

  283.           chars = false;
    284. 

  284.         }
    285. 

  285.       }
    286. 

  286. 

  287.       if ( chars ) {
    288. 

  288.         index = html.indexOf("<");
    289. 

  289. 

  290.         var text = index < 0 ? html : html.substring( 0, index );
    291. 

  291.         html = index < 0 ? "" : html.substring( index );
    292. 

  292. 

  293.         if (handler.chars) handler.chars( decodeEntities(text) );
    294. 

  294.       }
    295. 

  295. 

  296.     } else {
    297. 

  297.       html = html.replace(new RegExp("(.*)<\\s*\\/\\s*" + stack.last() + "[^>]*>", 'i'),
    298. 

  298.         function(all, text){
    299. 

  299.           text = text.replace(COMMENT_REGEXP, "$1").replace(CDATA_REGEXP, "$1");
    300. 

  300. 

  301.           if (handler.chars) handler.chars( decodeEntities(text) );
    302. 

  302. 

  303.           return "";
    304. 

  304.       });
    305. 

  305. 

  306.       parseEndTag( "", stack.last() );
    307. 

  307.     }
    308. 

  308. 

  309.     if ( html == last ) {
    310. 

  310.       throw $sanitizeMinErr('badparse', "The sanitizer was unable to parse the following block " +
    311. 

  311.                                         "of html: {0}", html);
    312. 

  312.     }
    313. 

  313.     last = html;
    314. 

  314.   }
    315. 

  315. 

  316.   // Clean up any remaining tags
    317. 

  317.   parseEndTag();
    318. 

  318. 

  319.   function parseStartTag( tag, tagName, rest, unary ) {
    320. 

  320.     tagName = angular.lowercase(tagName);
    321. 

  321.     if ( blockElements[ tagName ] ) {
    322. 

  322.       while ( stack.last() && inlineElements[ stack.last() ] ) {
    323. 

  323.         parseEndTag( "", stack.last() );
    324. 

  324.       }
    325. 

  325.     }
    326. 

  326. 

  327.     if ( optionalEndTagElements[ tagName ] && stack.last() == tagName ) {
    328. 

  328.       parseEndTag( "", tagName );
    329. 

  329.     }
    330. 

  330. 

  331.     unary = voidElements[ tagName ] || !!unary;
    332. 

  332. 

  333.     if ( !unary )
    334. 

  334.       stack.push( tagName );
    335. 

  335. 

  336.     var attrs = {};
    337. 

  337. 

  338.     rest.replace(ATTR_REGEXP,
    339. 

  339.       function(match, name, doubleQuotedValue, singleQuotedValue, unquotedValue) {
    340. 

  340.         var value = doubleQuotedValue
    341. 

  341.           || singleQuotedValue
    342. 

  342.           || unquotedValue
    343. 

  343.           || '';
    344. 

  344. 

  345.         attrs[name] = decodeEntities(value);
    346. 

  346.     });
    347. 

  347.     if (handler.start) handler.start( tagName, attrs, unary );
    348. 

  348.   }
    349. 

  349. 

  350.   function parseEndTag( tag, tagName ) {
    351. 

  351.     var pos = 0, i;
    352. 

  352.     tagName = angular.lowercase(tagName);
    353. 

  353.     if ( tagName )
    354. 

  354.       // Find the closest opened tag of the same type
    355. 

  355.       for ( pos = stack.length - 1; pos >= 0; pos-- )
    356. 

  356.         if ( stack[ pos ] == tagName )
    357. 

  357.           break;
    358. 

  358. 

  359.     if ( pos >= 0 ) {
    360. 

  360.       // Close all the open elements, up the stack
    361. 

  361.       for ( i = stack.length - 1; i >= pos; i-- )
    362. 

  362.         if (handler.end) handler.end( stack[ i ] );
    363. 

  363. 

  364.       // Remove the open elements from the stack
    365. 

  365.       stack.length = pos;
    366. 

  366.     }
    367. 

  367.   }
    368. 

  368. }
    369. 

  369. 

  370. var hiddenPre=document.createElement("pre");
    371. 

  371. var spaceRe = /^(\s*)([\s\S]*?)(\s*)$/;
    372. 

  372. /**
    373. 

  373.  * decodes all entities into regular string
    374. 

  374.  * @param value
    375. 

  375.  * @returns {string} A string with decoded entities.
    376. 

  376.  */
    377. 

  377. function decodeEntities(value) {
    378. 

  378.   if (!value) { return ''; }
    379. 

  379. 

  380.   // Note: IE8 does not preserve spaces at the start/end of innerHTML
    381. 

  381.   // so we must capture them and reattach them afterward
    382. 

  382.   var parts = spaceRe.exec(value);
    383. 

  383.   var spaceBefore = parts[1];
    384. 

  384.   var spaceAfter = parts[3];
    385. 

  385.   var content = parts[2];
    386. 

  386.   if (content) {
    387. 

  387.     hiddenPre.innerHTML=content.replace(/</g,"&lt;");
    388. 

  388.     // innerText depends on styling as it doesn't display hidden elements.
    389. 

  389.     // Therefore, it's better to use textContent not to cause unnecessary
    390. 

  390.     // reflows. However, IE<9 don't support textContent so the innerText
    391. 

  391.     // fallback is necessary.
    392. 

  392.     content = 'textContent' in hiddenPre ?
    393. 

  393.       hiddenPre.textContent : hiddenPre.innerText;
    394. 

  394.   }
    395. 

  395.   return spaceBefore + content + spaceAfter;
    396. 

  396. }
    397. 

  397. 

  398. /**
    399. 

  399.  * Escapes all potentially dangerous characters, so that the
    400. 

  400.  * resulting string can be safely inserted into attribute or
    401. 

  401.  * element text.
    402. 

  402.  * @param value
    403. 

  403.  * @returns escaped text
    404. 

  404.  */
    405. 

  405. function encodeEntities(value) {
    406. 

  406.   return value.
    407. 

  407.     replace(/&/g, '&amp;').
    408. 

  408.     replace(NON_ALPHANUMERIC_REGEXP, function(value){
    409. 

  409.       return '&#' + value.charCodeAt(0) + ';';
    410. 

  410.     }).
    411. 

  411.     replace(/</g, '&lt;').
    412. 

  412.     replace(/>/g, '&gt;');
    413. 

  413. }
    414. 

  414. 

  415. /**
    416. 

  416.  * create an HTML/XML writer which writes to buffer
    417. 

  417.  * @param {Array} buf use buf.jain('') to get out sanitized html string
    418. 

  418.  * @returns {object} in the form of {
    419. 

  419.  *     start: function(tag, attrs, unary) {},
    420. 

  420.  *     end: function(tag) {},
    421. 

  421.  *     chars: function(text) {},
    422. 

  422.  *     comment: function(text) {}
    423. 

  423.  * }
    424. 

  424.  */
    425. 

  425. function htmlSanitizeWriter(buf, uriValidator){
    426. 

  426.   var ignore = false;
    427. 

  427.   var out = angular.bind(buf, buf.push);
    428. 

  428.   return {
    429. 

  429.     start: function(tag, attrs, unary){
    430. 

  430.       tag = angular.lowercase(tag);
    431. 

  431.       if (!ignore && specialElements[tag]) {
    432. 

  432.         ignore = tag;
    433. 

  433.       }
    434. 

  434.       if (!ignore && validElements[tag] === true) {
    435. 

  435.         out('<');
    436. 

  436.         out(tag);
    437. 

  437.         angular.forEach(attrs, function(value, key){
    438. 

  438.           var lkey=angular.lowercase(key);
    439. 

  439.           var isImage = (tag === 'img' && lkey === 'src') || (lkey === 'background');
    440. 

  440.           if (validAttrs[lkey] === true &&
    441. 

  441.             (uriAttrs[lkey] !== true || uriValidator(value, isImage))) {
    442. 

  442.             out(' ');
    443. 

  443.             out(key);
    444. 

  444.             out('="');
    445. 

  445.             out(encodeEntities(value));
    446. 

  446.             out('"');
    447. 

  447.           }
    448. 

  448.         });
    449. 

  449.         out(unary ? '/>' : '>');
    450. 

  450.       }
    451. 

  451.     },
    452. 

  452.     end: function(tag){
    453. 

  453.         tag = angular.lowercase(tag);
    454. 

  454.         if (!ignore && validElements[tag] === true) {
    455. 

  455.           out('</');
    456. 

  456.           out(tag);
    457. 

  457.           out('>');
    458. 

  458.         }
    459. 

  459.         if (tag == ignore) {
    460. 

  460.           ignore = false;
    461. 

  461.         }
    462. 

  462.       },
    463. 

  463.     chars: function(chars){
    464. 

  464.         if (!ignore) {
    465. 

  465.           out(encodeEntities(chars));
    466. 

  466.         }
    467. 

  467.       }
    468. 

  468.   };
    469. 

  469. }
    470. 

  470. 

  471. 

  472. // define ngSanitize module and register $sanitize service
    473. 

  473. angular.module('ngSanitize', []).provider('$sanitize', $SanitizeProvider);
    474. 

  474. 

  475. /* global sanitizeText: false */
    476. 

  476. 

  477. /**
    478. 

  478.  * @ngdoc filter
    479. 

  479.  * @name ngSanitize.filter:linky
    480. 

  480.  * @function
    481. 

  481.  *
    482. 

  482.  * @description
    483. 

  483.  * Finds links in text input and turns them into html links. Supports http/https/ftp/mailto and
    484. 

  484.  * plain email address links.
    485. 

  485.  *
    486. 

  486.  * Requires the {@link ngSanitize `ngSanitize`} module to be installed.
    487. 

  487.  *
    488. 

  488.  * @param {string} text Input text.
    489. 

  489.  * @param {string} target Window (_blank|_self|_parent|_top) or named frame to open links in.
    490. 

  490.  * @returns {string} Html-linkified text.
    491. 

  491.  *
    492. 

  492.  * @usage
    493. 

  493.    <span ng-bind-html="linky_expression | linky"></span>
    494. 

  494.  *
    495. 

  495.  * @example
    496. 

  496.    <doc:example module="ngSanitize">
    497. 

  497.      <doc:source>
    498. 

  498.        <script>
    499. 

  499.          function Ctrl($scope) {
    500. 

  500.            $scope.snippet =
    501. 

  501.              'Pretty text with some links:\n'+
    502. 

  502.              'http://angularjs.org/,\n'+
    503. 

  503.              'mailto:us@somewhere.org,\n'+
    504. 

  504.              'another@somewhere.org,\n'+
    505. 

  505.              'and one more: ftp://127.0.0.1/.';
    506. 

  506.            $scope.snippetWithTarget = 'http://angularjs.org/';
    507. 

  507.          }
    508. 

  508.        </script>
    509. 

  509.        <div ng-controller="Ctrl">
    510. 

  510.        Snippet: <textarea ng-model="snippet" cols="60" rows="3"></textarea>
    511. 

  511.        <table>
    512. 

  512.          <tr>
    513. 

  513.            <td>Filter</td>
    514. 

  514.            <td>Source</td>
    515. 

  515.            <td>Rendered</td>
    516. 

  516.          </tr>
    517. 

  517.          <tr id="linky-filter">
    518. 

  518.            <td>linky filter</td>
    519. 

  519.            <td>
    520. 

  520.              <pre>&lt;div ng-bind-html="snippet | linky"&gt;<br>&lt;/div&gt;</pre>
    521. 

  521.            </td>
    522. 

  522.            <td>
    523. 

  523.              <div ng-bind-html="snippet | linky"></div>
    524. 

  524.            </td>
    525. 

  525.          </tr>
    526. 

  526.          <tr id="linky-target">
    527. 

  527.           <td>linky target</td>
    528. 

  528.           <td>
    529. 

  529.             <pre>&lt;div ng-bind-html="snippetWithTarget | linky:'_blank'"&gt;<br>&lt;/div&gt;</pre>
    530. 

  530.           </td>
    531. 

  531.           <td>
    532. 

  532.             <div ng-bind-html="snippetWithTarget | linky:'_blank'"></div>
    533. 

  533.           </td>
    534. 

  534.          </tr>
    535. 

  535.          <tr id="escaped-html">
    536. 

  536.            <td>no filter</td>
    537. 

  537.            <td><pre>&lt;div ng-bind="snippet"&gt;<br>&lt;/div&gt;</pre></td>
    538. 

  538.            <td><div ng-bind="snippet"></div></td>
    539. 

  539.          </tr>
    540. 

  540.        </table>
    541. 

  541.      </doc:source>
    542. 

  542.      <doc:protractor>
    543. 

  543.        it('should linkify the snippet with urls', function() {
    544. 

  544.          expect(element(by.id('linky-filter')).element(by.binding('snippet | linky')).getText()).
    545. 

  545.              toBe('Pretty text with some links: http://angularjs.org/, us@somewhere.org, ' +
    546. 

  546.                   'another@somewhere.org, and one more: ftp://127.0.0.1/.');
    547. 

  547.          expect(element.all(by.css('#linky-filter a')).count()).toEqual(4);
    548. 

  548.        });
    549. 

  549. 

  550.        it('should not linkify snippet without the linky filter', function() {
    551. 

  551.          expect(element(by.id('escaped-html')).element(by.binding('snippet')).getText()).
    552. 

  552.              toBe('Pretty text with some links: http://angularjs.org/, mailto:us@somewhere.org, ' +
    553. 

  553.                   'another@somewhere.org, and one more: ftp://127.0.0.1/.');
    554. 

  554.          expect(element.all(by.css('#escaped-html a')).count()).toEqual(0);
    555. 

  555.        });
    556. 

  556. 

  557.        it('should update', function() {
    558. 

  558.          element(by.model('snippet')).clear();
    559. 

  559.          element(by.model('snippet')).sendKeys('new http://link.');
    560. 

  560.          expect(element(by.id('linky-filter')).element(by.binding('snippet | linky')).getText()).
    561. 

  561.              toBe('new http://link.');
    562. 

  562.          expect(element.all(by.css('#linky-filter a')).count()).toEqual(1);
    563. 

  563.          expect(element(by.id('escaped-html')).element(by.binding('snippet')).getText())
    564. 

  564.              .toBe('new http://link.');
    565. 

  565.        });
    566. 

  566. 

  567.        it('should work with the target property', function() {
    568. 

  568.         expect(element(by.id('linky-target')).
    569. 

  569.             element(by.binding("snippetWithTarget | linky:'_blank'")).getText()).
    570. 

  570.             toBe('http://angularjs.org/');
    571. 

  571.         expect(element(by.css('#linky-target a')).getAttribute('target')).toEqual('_blank');
    572. 

  572.        });
    573. 

  573.      </doc:protractor>
    574. 

  574.    </doc:example>
    575. 

  575.  */
    576. 

  576. angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) {
    577. 

  577.   var LINKY_URL_REGEXP =
    578. 

  578.         /((ftp|https?):\/\/|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>]/,
    579. 

  579.       MAILTO_REGEXP = /^mailto:/;
    580. 

  580. 

  581.   return function(text, target) {
    582. 

  582.     if (!text) return text;
    583. 

  583.     var match;
    584. 

  584.     var raw = text;
    585. 

  585.     var html = [];
    586. 

  586.     var url;
    587. 

  587.     var i;
    588. 

  588.     while ((match = raw.match(LINKY_URL_REGEXP))) {
    589. 

  589.       // We can not end in these as they are sometimes found at the end of the sentence
    590. 

  590.       url = match[0];
    591. 

  591.       // if we did not match ftp/http/mailto then assume mailto
    592. 

  592.       if (match[2] == match[3]) url = 'mailto:' + url;
    593. 

  593.       i = match.index;
    594. 

  594.       addText(raw.substr(0, i));
    595. 

  595.       addLink(url, match[0].replace(MAILTO_REGEXP, ''));
    596. 

  596.       raw = raw.substring(i + match[0].length);
    597. 

  597.     }
    598. 

  598.     addText(raw);
    599. 

  599.     return $sanitize(html.join(''));
    600. 

  600. 

  601.     function addText(text) {
    602. 

  602.       if (!text) {
    603. 

  603.         return;
    604. 

  604.       }
    605. 

  605.       html.push(sanitizeText(text));
    606. 

  606.     }
    607. 

  607. 

  608.     function addLink(url, text) {
    609. 

  609.       html.push('<a ');
    610. 

  610.       if (angular.isDefined(target)) {
    611. 

  611.         html.push('target="');
    612. 

  612.         html.push(target);
    613. 

  613.         html.push('" ');
    614. 

  614.       }
    615. 

  615.       html.push('href="');
    616. 

  616.       html.push(url);
    617. 

  617.       html.push('">');
    618. 

  618.       addText(text);
    619. 

  619.       html.push('</a>');
    620. 

  620.     }
    621. 

  621.   };
    622. 

  622. }]);
    623. 

  623. 

  624. 

  625. })(window, window.angular);
    626. 

  626.