2016-06-23 12:47:54 -04:00
|
|
|
/**
|
|
|
|
* @license
|
|
|
|
* Copyright Google Inc. All Rights Reserved.
|
|
|
|
*
|
|
|
|
* Use of this source code is governed by an MIT-style license that can be
|
|
|
|
* found in the LICENSE file at https://angular.io/license
|
|
|
|
*/
|
|
|
|
|
2016-08-30 21:07:40 -04:00
|
|
|
import {ElementSchemaRegistry} from '@angular/compiler';
|
2016-07-25 06:02:57 -04:00
|
|
|
import {SchemaMetadata, SecurityContext} from '@angular/core';
|
2015-09-14 18:59:09 -04:00
|
|
|
|
|
|
|
export class MockSchemaRegistry implements ElementSchemaRegistry {
|
2016-06-08 19:38:52 -04:00
|
|
|
constructor(
|
|
|
|
public existingProperties: {[key: string]: boolean},
|
2016-08-23 13:52:40 -04:00
|
|
|
public attrPropMapping: {[key: string]: string},
|
2016-09-27 20:10:02 -04:00
|
|
|
public existingElements: {[key: string]: boolean}, public invalidProperties: Array<string>,
|
|
|
|
public invalidAttributes: Array<string>) {}
|
2016-04-28 20:50:03 -04:00
|
|
|
|
2016-07-25 06:02:57 -04:00
|
|
|
hasProperty(tagName: string, property: string, schemas: SchemaMetadata[]): boolean {
|
2016-08-23 13:52:40 -04:00
|
|
|
const value = this.existingProperties[property];
|
|
|
|
return value === void 0 ? true : value;
|
|
|
|
}
|
|
|
|
|
|
|
|
hasElement(tagName: string, schemaMetas: SchemaMetadata[]): boolean {
|
|
|
|
const value = this.existingElements[tagName.toLowerCase()];
|
|
|
|
return value === void 0 ? true : value;
|
2015-09-14 18:59:09 -04:00
|
|
|
}
|
|
|
|
|
2016-10-24 12:58:52 -04:00
|
|
|
allKnownElementNames(): string[] { return Object.keys(this.existingElements); }
|
|
|
|
|
|
|
|
securityContext(selector: string, property: string, isAttribute: boolean): SecurityContext {
|
feat: security implementation in Angular 2.
Summary:
This adds basic security hooks to Angular 2.
* `SecurityContext` is a private API between core, compiler, and
platform-browser. `SecurityContext` communicates what context a value is used
in across template parser, compiler, and sanitization at runtime.
* `SanitizationService` is the bare bones interface to sanitize values for a
particular context.
* `SchemaElementRegistry.securityContext(tagName, attributeOrPropertyName)`
determines the security context for an attribute or property (it turns out
attributes and properties match for the purposes of sanitization).
Based on these hooks:
* `DomSchemaElementRegistry` decides what sanitization applies in a particular
context.
* `DomSanitizationService` implements `SanitizationService` and adds *Safe
Value*s, i.e. the ability to mark a value as safe and not requiring further
sanitization.
* `url_sanitizer` and `style_sanitizer` sanitize URLs and Styles, respectively
(surprise!).
`DomSanitizationService` is the default implementation bound for browser
applications, in the three contexts (browser rendering, web worker rendering,
server side rendering).
BREAKING CHANGES:
*** SECURITY WARNING ***
Angular 2 Release Candidates do not implement proper contextual escaping yet.
Make sure to correctly escape all values that go into the DOM.
*** SECURITY WARNING ***
Reviewers: IgorMinar
Differential Revision: https://reviews.angular.io/D103
2016-04-29 19:04:08 -04:00
|
|
|
return SecurityContext.NONE;
|
|
|
|
}
|
|
|
|
|
2016-08-23 13:52:40 -04:00
|
|
|
getMappedPropName(attrName: string): string { return this.attrPropMapping[attrName] || attrName; }
|
2016-07-28 13:39:10 -04:00
|
|
|
|
|
|
|
getDefaultComponentElementName(): string { return 'ng-component'; }
|
2016-09-27 20:10:02 -04:00
|
|
|
|
|
|
|
validateProperty(name: string): {error: boolean, msg?: string} {
|
|
|
|
if (this.invalidProperties.indexOf(name) > -1) {
|
|
|
|
return {error: true, msg: `Binding to property '${name}' is disallowed for security reasons`};
|
|
|
|
} else {
|
|
|
|
return {error: false};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
validateAttribute(name: string): {error: boolean, msg?: string} {
|
|
|
|
if (this.invalidAttributes.indexOf(name) > -1) {
|
|
|
|
return {
|
|
|
|
error: true,
|
|
|
|
msg: `Binding to attribute '${name}' is disallowed for security reasons`
|
|
|
|
};
|
|
|
|
} else {
|
|
|
|
return {error: false};
|
|
|
|
}
|
|
|
|
}
|
2016-11-08 18:45:30 -05:00
|
|
|
|
|
|
|
normalizeAnimationStyleProperty(propName: string): string { return propName; }
|
|
|
|
normalizeAnimationStyleValue(camelCaseProp: string, userProvidedProp: string, val: string|number):
|
|
|
|
{error: string, value: string} {
|
|
|
|
return {error: null, value: val.toString()};
|
|
|
|
}
|
2015-10-02 12:30:36 -04:00
|
|
|
}
|