| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  | /** | 
					
						
							|  |  |  |  * @license | 
					
						
							|  |  |  |  * Copyright Google Inc. All Rights Reserved. | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * Use of this source code is governed by an MIT-style license that can be | 
					
						
							|  |  |  |  * found in the LICENSE file at https://angular.io/license
 | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  | import {NgForOfContext} from '@angular/common'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import {RenderFlags, directiveInject} from '../../src/render3'; | 
					
						
							|  |  |  | import {defineComponent} from '../../src/render3/definition'; | 
					
						
							| 
									
										
										
										
											2018-08-15 18:37:03 -07:00
										 |  |  | import {bind, element, elementAttribute, elementEnd, elementProperty, elementStart, elementStyleProp, elementStyling, elementStylingApply, elementStylingMap, interpolation1, renderTemplate, template, text, textBinding} from '../../src/render3/instructions'; | 
					
						
							| 
									
										
										
										
											2018-06-19 12:45:00 -07:00
										 |  |  | import {InitialStylingFlags} from '../../src/render3/interfaces/definition'; | 
					
						
							| 
									
										
										
										
											2018-06-08 15:25:39 -07:00
										 |  |  | import {AttributeMarker, LElementNode, LNode} from '../../src/render3/interfaces/node'; | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  | import {RElement, domRendererFactory3} from '../../src/render3/interfaces/renderer'; | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  | import {bypassSanitizationTrustHtml, bypassSanitizationTrustResourceUrl, bypassSanitizationTrustScript, bypassSanitizationTrustStyle, bypassSanitizationTrustUrl} from '../../src/sanitization/bypass'; | 
					
						
							|  |  |  | import {defaultStyleSanitizer, sanitizeHtml, sanitizeResourceUrl, sanitizeScript, sanitizeStyle, sanitizeUrl} from '../../src/sanitization/sanitization'; | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  | import {Sanitizer, SecurityContext} from '../../src/sanitization/security'; | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  | import {StyleSanitizeFn} from '../../src/sanitization/style_sanitizer'; | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  | import {NgForOf} from './common_with_def'; | 
					
						
							| 
									
										
										
										
											2018-06-06 13:38:19 -07:00
										 |  |  | import {ComponentFixture, TemplateFixture} from './render_util'; | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | describe('instructions', () => { | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |   function createAnchor() { | 
					
						
							|  |  |  |     elementStart(0, 'a'); | 
					
						
							| 
									
										
										
										
											2018-07-11 09:56:47 -07:00
										 |  |  |     elementStyling(); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |     elementEnd(); | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  |   function createDiv(initialStyles?: (string | number)[], styleSanitizer?: StyleSanitizeFn) { | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  |     elementStart(0, 'div'); | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  |     elementStyling( | 
					
						
							|  |  |  |         [], initialStyles && Array.isArray(initialStyles) ? initialStyles : null, styleSanitizer); | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  |     elementEnd(); | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-27 14:28:22 -07:00
										 |  |  |   function createScript() { element(0, 'script'); } | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-13 21:01:37 +02:00
										 |  |  |   describe('bind', () => { | 
					
						
							|  |  |  |     it('should update bindings when value changes', () => { | 
					
						
							| 
									
										
										
										
											2018-08-21 00:03:21 -07:00
										 |  |  |       const t = new TemplateFixture(createAnchor, () => {}, 1, 1); | 
					
						
							| 
									
										
										
										
											2018-05-13 21:01:37 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementProperty(0, 'title', bind('Hello'))); | 
					
						
							|  |  |  |       expect(t.html).toEqual('<a title="Hello"></a>'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementProperty(0, 'title', bind('World'))); | 
					
						
							|  |  |  |       expect(t.html).toEqual('<a title="World"></a>'); | 
					
						
							|  |  |  |       expect(ngDevMode).toHaveProperties({ | 
					
						
							|  |  |  |         firstTemplatePass: 1, | 
					
						
							|  |  |  |         tNode: 2,  // 1 for hostElement + 1 for the template under test
 | 
					
						
							|  |  |  |         tView: 1, | 
					
						
							|  |  |  |         rendererCreateElement: 1, | 
					
						
							|  |  |  |         rendererSetProperty: 2 | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should not update bindings when value does not change', () => { | 
					
						
							|  |  |  |       const idempotentUpdate = () => elementProperty(0, 'title', bind('Hello')); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createAnchor, idempotentUpdate, 1, 1); | 
					
						
							| 
									
										
										
										
											2018-05-13 21:01:37 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |       t.update(); | 
					
						
							|  |  |  |       expect(t.html).toEqual('<a title="Hello"></a>'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(); | 
					
						
							|  |  |  |       expect(t.html).toEqual('<a title="Hello"></a>'); | 
					
						
							|  |  |  |       expect(ngDevMode).toHaveProperties({ | 
					
						
							|  |  |  |         firstTemplatePass: 1, | 
					
						
							|  |  |  |         tNode: 2,  // 1 for hostElement + 1 for the template under test
 | 
					
						
							|  |  |  |         tView: 1, | 
					
						
							|  |  |  |         rendererCreateElement: 1, | 
					
						
							|  |  |  |         rendererSetProperty: 1 | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  |   }); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-06-08 10:48:27 -07:00
										 |  |  |   describe('element', () => { | 
					
						
							|  |  |  |     it('should create an element', () => { | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |       const t = new TemplateFixture(() => { | 
					
						
							|  |  |  |         element(0, 'div', ['id', 'test', 'title', 'Hello']); | 
					
						
							|  |  |  |       }, () => {}, 1); | 
					
						
							| 
									
										
										
										
											2018-06-08 10:48:27 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |       const div = (t.hostNode.native as HTMLElement).querySelector('div') !; | 
					
						
							|  |  |  |       expect(div.id).toEqual('test'); | 
					
						
							|  |  |  |       expect(div.title).toEqual('Hello'); | 
					
						
							| 
									
										
										
										
											2018-06-08 15:25:39 -07:00
										 |  |  |       expect(ngDevMode).toHaveProperties({ | 
					
						
							|  |  |  |         firstTemplatePass: 1, | 
					
						
							|  |  |  |         tNode: 2,  // 1 for div, 1 for host element
 | 
					
						
							|  |  |  |         tView: 1, | 
					
						
							|  |  |  |         rendererCreateElement: 1, | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should allow setting namespaced attributes', () => { | 
					
						
							|  |  |  |       const t = new TemplateFixture(() => { | 
					
						
							| 
									
										
										
										
											2018-07-27 14:28:22 -07:00
										 |  |  |         element(0, 'div', [ | 
					
						
							| 
									
										
										
										
											2018-06-08 15:25:39 -07:00
										 |  |  |           // id="test"
 | 
					
						
							|  |  |  |           'id', | 
					
						
							|  |  |  |           'test', | 
					
						
							|  |  |  |           // test:foo="bar"
 | 
					
						
							|  |  |  |           AttributeMarker.NamespaceURI, | 
					
						
							|  |  |  |           'http://someuri.com/2018/test', | 
					
						
							|  |  |  |           'test:foo', | 
					
						
							|  |  |  |           'bar', | 
					
						
							|  |  |  |           // title="Hello"
 | 
					
						
							|  |  |  |           'title', | 
					
						
							|  |  |  |           'Hello', | 
					
						
							|  |  |  |         ]); | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |       }, () => {}, 1); | 
					
						
							| 
									
										
										
										
											2018-06-08 15:25:39 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |       const div = (t.hostNode.native as HTMLElement).querySelector('div') !; | 
					
						
							|  |  |  |       const attrs: any = div.attributes; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       expect(attrs['id'].name).toEqual('id'); | 
					
						
							|  |  |  |       expect(attrs['id'].namespaceURI).toEqual(null); | 
					
						
							|  |  |  |       expect(attrs['id'].value).toEqual('test'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       expect(attrs['test:foo'].name).toEqual('test:foo'); | 
					
						
							|  |  |  |       expect(attrs['test:foo'].namespaceURI).toEqual('http://someuri.com/2018/test'); | 
					
						
							|  |  |  |       expect(attrs['test:foo'].value).toEqual('bar'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       expect(attrs['title'].name).toEqual('title'); | 
					
						
							|  |  |  |       expect(attrs['title'].namespaceURI).toEqual(null); | 
					
						
							|  |  |  |       expect(attrs['title'].value).toEqual('Hello'); | 
					
						
							| 
									
										
										
										
											2018-06-08 10:48:27 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |       expect(ngDevMode).toHaveProperties({ | 
					
						
							|  |  |  |         firstTemplatePass: 1, | 
					
						
							|  |  |  |         tNode: 2,  // 1 for div, 1 for host element
 | 
					
						
							|  |  |  |         tView: 1, | 
					
						
							|  |  |  |         rendererCreateElement: 1, | 
					
						
							| 
									
										
										
										
											2018-06-08 15:25:39 -07:00
										 |  |  |         rendererSetAttribute: 3 | 
					
						
							| 
									
										
										
										
											2018-06-08 10:48:27 -07:00
										 |  |  |       }); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  |   }); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  |   describe('elementAttribute', () => { | 
					
						
							|  |  |  |     it('should use sanitizer function', () => { | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |       const t = new TemplateFixture(createDiv, () => {}, 1); | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementAttribute(0, 'title', 'javascript:true', sanitizeUrl)); | 
					
						
							|  |  |  |       expect(t.html).toEqual('<div title="unsafe:javascript:true"></div>'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update( | 
					
						
							|  |  |  |           () => elementAttribute( | 
					
						
							|  |  |  |               0, 'title', bypassSanitizationTrustUrl('javascript:true'), sanitizeUrl)); | 
					
						
							|  |  |  |       expect(t.html).toEqual('<div title="javascript:true"></div>'); | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |       expect(ngDevMode).toHaveProperties({ | 
					
						
							|  |  |  |         firstTemplatePass: 1, | 
					
						
							| 
									
										
										
										
											2018-05-16 05:56:01 -07:00
										 |  |  |         tNode: 2,  // 1 for div, 1 for host element
 | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |         tView: 1, | 
					
						
							|  |  |  |         rendererCreateElement: 1, | 
					
						
							|  |  |  |         rendererSetAttribute: 2 | 
					
						
							|  |  |  |       }); | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  |     }); | 
					
						
							|  |  |  |   }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   describe('elementProperty', () => { | 
					
						
							| 
									
										
										
										
											2018-03-09 18:32:32 +01:00
										 |  |  |     it('should use sanitizer function when available', () => { | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |       const t = new TemplateFixture(createDiv, () => {}, 1); | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementProperty(0, 'title', 'javascript:true', sanitizeUrl)); | 
					
						
							|  |  |  |       expect(t.html).toEqual('<div title="unsafe:javascript:true"></div>'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update( | 
					
						
							|  |  |  |           () => elementProperty( | 
					
						
							|  |  |  |               0, 'title', bypassSanitizationTrustUrl('javascript:false'), sanitizeUrl)); | 
					
						
							|  |  |  |       expect(t.html).toEqual('<div title="javascript:false"></div>'); | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |       expect(ngDevMode).toHaveProperties({ | 
					
						
							|  |  |  |         firstTemplatePass: 1, | 
					
						
							| 
									
										
										
										
											2018-05-16 05:56:01 -07:00
										 |  |  |         tNode: 2,  // 1 for div, 1 for host element
 | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |         tView: 1, | 
					
						
							|  |  |  |         rendererCreateElement: 1, | 
					
						
							|  |  |  |       }); | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  |     }); | 
					
						
							| 
									
										
										
										
											2018-03-09 18:32:32 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     it('should not stringify non string values', () => { | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |       const t = new TemplateFixture(createDiv, () => {}, 1); | 
					
						
							| 
									
										
										
										
											2018-03-09 18:32:32 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementProperty(0, 'hidden', false)); | 
					
						
							|  |  |  |       // The hidden property would be true if `false` was stringified into `"false"`.
 | 
					
						
							|  |  |  |       expect((t.hostNode.native as HTMLElement).querySelector('div') !.hidden).toEqual(false); | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |       expect(ngDevMode).toHaveProperties({ | 
					
						
							|  |  |  |         firstTemplatePass: 1, | 
					
						
							| 
									
										
										
										
											2018-05-16 05:56:01 -07:00
										 |  |  |         tNode: 2,  // 1 for div, 1 for host element
 | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |         tView: 1, | 
					
						
							|  |  |  |         rendererCreateElement: 1, | 
					
						
							|  |  |  |         rendererSetProperty: 1 | 
					
						
							|  |  |  |       }); | 
					
						
							| 
									
										
										
										
											2018-03-09 18:32:32 +01:00
										 |  |  |     }); | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  |   }); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-06-19 12:45:00 -07:00
										 |  |  |   describe('elementStyleProp', () => { | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  |     it('should automatically sanitize unless a bypass operation is applied', () => { | 
					
						
							|  |  |  |       const t = new TemplateFixture( | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |           () => { return createDiv(['background-image'], defaultStyleSanitizer); }, () => {}, 1); | 
					
						
							| 
									
										
										
										
											2018-06-19 12:45:00 -07:00
										 |  |  |       t.update(() => { | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  |         elementStyleProp(0, 0, 'url("http://server")'); | 
					
						
							| 
									
										
										
										
											2018-07-11 09:56:47 -07:00
										 |  |  |         elementStylingApply(0); | 
					
						
							| 
									
										
										
										
											2018-06-19 12:45:00 -07:00
										 |  |  |       }); | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  |       // nothing is set because sanitizer suppresses it.
 | 
					
						
							|  |  |  |       expect(t.html).toEqual('<div></div>'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-06-19 12:45:00 -07:00
										 |  |  |       t.update(() => { | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  |         elementStyleProp(0, 0, bypassSanitizationTrustStyle('url("http://server2")')); | 
					
						
							| 
									
										
										
										
											2018-07-11 09:56:47 -07:00
										 |  |  |         elementStylingApply(0); | 
					
						
							| 
									
										
										
										
											2018-06-19 12:45:00 -07:00
										 |  |  |       }); | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  |       expect((t.hostElement.firstChild as HTMLElement).style.getPropertyValue('background-image')) | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  |           .toEqual('url("http://server2")'); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should not re-apply the style value even if it is a newly bypassed again', () => { | 
					
						
							|  |  |  |       const sanitizerInterceptor = new MockSanitizerInterceptor(); | 
					
						
							|  |  |  |       const t = createTemplateFixtureWithSanitizer( | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |           () => createDiv(['background-image'], sanitizerInterceptor.getStyleSanitizer()), 1, | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  |           sanitizerInterceptor); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => { | 
					
						
							|  |  |  |         elementStyleProp(0, 0, bypassSanitizationTrustStyle('apple')); | 
					
						
							|  |  |  |         elementStylingApply(0); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       expect(sanitizerInterceptor.lastValue !).toEqual('apple'); | 
					
						
							|  |  |  |       sanitizerInterceptor.lastValue = null; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => { | 
					
						
							|  |  |  |         elementStyleProp(0, 0, bypassSanitizationTrustStyle('apple')); | 
					
						
							|  |  |  |         elementStylingApply(0); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |       expect(sanitizerInterceptor.lastValue).toEqual(null); | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  |     }); | 
					
						
							|  |  |  |   }); | 
					
						
							| 
									
										
										
										
											2018-03-08 13:57:56 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-06-19 12:45:00 -07:00
										 |  |  |   describe('elementStyleMap', () => { | 
					
						
							| 
									
										
										
										
											2018-03-08 13:57:56 -08:00
										 |  |  |     function createDivWithStyle() { | 
					
						
							| 
									
										
										
										
											2018-06-19 12:45:00 -07:00
										 |  |  |       elementStart(0, 'div'); | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  |       elementStyling([], ['height', InitialStylingFlags.VALUES_MODE, 'height', '10px']); | 
					
						
							| 
									
										
										
										
											2018-03-08 13:57:56 -08:00
										 |  |  |       elementEnd(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should add style', () => { | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |       const fixture = new TemplateFixture(createDivWithStyle, () => {}, 1); | 
					
						
							| 
									
										
										
										
											2018-06-19 12:45:00 -07:00
										 |  |  |       fixture.update(() => { | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  |         elementStylingMap(0, null, {'background-color': 'red'}); | 
					
						
							| 
									
										
										
										
											2018-07-11 09:56:47 -07:00
										 |  |  |         elementStylingApply(0); | 
					
						
							| 
									
										
										
										
											2018-06-19 12:45:00 -07:00
										 |  |  |       }); | 
					
						
							| 
									
										
										
										
											2018-03-08 13:57:56 -08:00
										 |  |  |       expect(fixture.html).toEqual('<div style="height: 10px; background-color: red;"></div>'); | 
					
						
							|  |  |  |     }); | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |     it('should sanitize new styles that may contain `url` properties', () => { | 
					
						
							|  |  |  |       const detectedValues: string[] = []; | 
					
						
							|  |  |  |       const sanitizerInterceptor = | 
					
						
							|  |  |  |           new MockSanitizerInterceptor(value => { detectedValues.push(value); }); | 
					
						
							|  |  |  |       const fixture = createTemplateFixtureWithSanitizer( | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |           () => createDiv([], sanitizerInterceptor.getStyleSanitizer()), 1, sanitizerInterceptor); | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |       fixture.update(() => { | 
					
						
							|  |  |  |         elementStylingMap(0, null, { | 
					
						
							|  |  |  |           'background-image': 'background-image', | 
					
						
							|  |  |  |           'background': 'background', | 
					
						
							|  |  |  |           'border-image': 'border-image', | 
					
						
							|  |  |  |           'list-style': 'list-style', | 
					
						
							|  |  |  |           'list-style-image': 'list-style-image', | 
					
						
							|  |  |  |           'filter': 'filter', | 
					
						
							|  |  |  |           'width': 'width' | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         elementStylingApply(0); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       const props = detectedValues.sort(); | 
					
						
							|  |  |  |       expect(props).toEqual([ | 
					
						
							|  |  |  |         'background', 'background-image', 'border-image', 'filter', 'list-style', 'list-style-image' | 
					
						
							|  |  |  |       ]); | 
					
						
							|  |  |  |     }); | 
					
						
							| 
									
										
										
										
											2018-03-08 13:57:56 -08:00
										 |  |  |   }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   describe('elementClass', () => { | 
					
						
							| 
									
										
										
										
											2018-07-11 09:56:47 -07:00
										 |  |  |     function createDivWithStyling() { | 
					
						
							|  |  |  |       elementStart(0, 'div'); | 
					
						
							|  |  |  |       elementStyling(); | 
					
						
							|  |  |  |       elementEnd(); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2018-03-08 13:57:56 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  |     it('should add class', () => { | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |       const fixture = new TemplateFixture(createDivWithStyling, () => {}, 1); | 
					
						
							| 
									
										
										
										
											2018-07-11 09:56:47 -07:00
										 |  |  |       fixture.update(() => { | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  |         elementStylingMap(0, 'multiple classes'); | 
					
						
							| 
									
										
										
										
											2018-07-11 09:56:47 -07:00
										 |  |  |         elementStylingApply(0); | 
					
						
							|  |  |  |       }); | 
					
						
							| 
									
										
										
										
											2018-03-08 13:57:56 -08:00
										 |  |  |       expect(fixture.html).toEqual('<div class="multiple classes"></div>'); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  |   }); | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |   describe('performance counters', () => { | 
					
						
							|  |  |  |     it('should create tViews only once for each nested level', () => { | 
					
						
							|  |  |  |       const _c0 = ['ngFor', '', 'ngForOf', '']; | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |       function ToDoAppComponent_NgForOf_Template_0(rf: RenderFlags, ctx0: NgForOfContext<any>) { | 
					
						
							|  |  |  |         if (rf & RenderFlags.Create) { | 
					
						
							|  |  |  |           elementStart(0, 'ul'); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |           template(1, ToDoAppComponent_NgForOf_NgForOf_Template_1, 2, 1, null, _c0); | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |           elementEnd(); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (rf & RenderFlags.Update) { | 
					
						
							|  |  |  |           const row_r2 = ctx0.$implicit; | 
					
						
							|  |  |  |           elementProperty(1, 'ngForOf', bind(row_r2)); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       function ToDoAppComponent_NgForOf_NgForOf_Template_1( | 
					
						
							|  |  |  |           rf: RenderFlags, ctx1: NgForOfContext<any>) { | 
					
						
							|  |  |  |         if (rf & RenderFlags.Create) { | 
					
						
							|  |  |  |           elementStart(0, 'li'); | 
					
						
							|  |  |  |           text(1); | 
					
						
							|  |  |  |           elementEnd(); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (rf & RenderFlags.Update) { | 
					
						
							|  |  |  |           const col_r3 = ctx1.$implicit; | 
					
						
							|  |  |  |           textBinding(1, interpolation1('', col_r3, '')); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |       /** | 
					
						
							|  |  |  |        * <ul *ngFor="let row of rows"> | 
					
						
							|  |  |  |        *   <li *ngFor="let col of row.cols">{{col}}</li> | 
					
						
							|  |  |  |        * </ul> | 
					
						
							|  |  |  |        */ | 
					
						
							|  |  |  |       class NestedLoops { | 
					
						
							|  |  |  |         rows = [['a', 'b'], ['A', 'B'], ['a', 'b'], ['A', 'B']]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         static ngComponentDef = defineComponent({ | 
					
						
							|  |  |  |           type: NestedLoops, | 
					
						
							| 
									
										
										
										
											2018-04-26 10:44:49 -07:00
										 |  |  |           selectors: [['nested-loops']], | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |           factory: function ToDoAppComponent_Factory() { return new NestedLoops(); }, | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  |           consts: 1, | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |           vars: 1, | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |           template: function ToDoAppComponent_Template(rf: RenderFlags, ctx: NestedLoops) { | 
					
						
							| 
									
										
										
										
											2018-04-26 10:44:49 -07:00
										 |  |  |             if (rf & RenderFlags.Create) { | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |               template(0, ToDoAppComponent_NgForOf_Template_0, 2, 1, null, _c0); | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |             } | 
					
						
							| 
									
										
										
										
											2018-04-26 10:44:49 -07:00
										 |  |  |             if (rf & RenderFlags.Update) { | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |               elementProperty(0, 'ngForOf', bind(ctx.rows)); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |           }, | 
					
						
							|  |  |  |           directives: [NgForOf] | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |       const fixture = new ComponentFixture(NestedLoops); | 
					
						
							|  |  |  |       expect(ngDevMode).toHaveProperties({ | 
					
						
							| 
									
										
										
										
											2018-04-26 10:44:49 -07:00
										 |  |  |         // Expect: fixture view/Host view + component + ngForRow + ngForCol
 | 
					
						
							|  |  |  |         tView: 4,  // should be: 4,
 | 
					
						
							| 
									
										
										
										
											2018-04-14 11:52:53 -07:00
										 |  |  |       }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  |   }); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |   describe('sanitization injection compatibility', () => { | 
					
						
							|  |  |  |     it('should work for url sanitization', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => `${value}-sanitized`); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createAnchor, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = 'http://foo'; | 
					
						
							|  |  |  |       const outputValue = 'http://foo-sanitized'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementAttribute(0, 'href', inputValue, sanitizeUrl)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<a href="${outputValue}"></a>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toEqual(outputValue); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should bypass url sanitization if marked by the service', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => ''); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createAnchor, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = s.bypassSecurityTrustUrl('http://foo'); | 
					
						
							|  |  |  |       const outputValue = 'http://foo'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementAttribute(0, 'href', inputValue, sanitizeUrl)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<a href="${outputValue}"></a>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toBeFalsy(); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should bypass ivy-level url sanitization if a custom sanitizer is used', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => ''); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createAnchor, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = bypassSanitizationTrustUrl('http://foo'); | 
					
						
							|  |  |  |       const outputValue = 'http://foo-ivy'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementAttribute(0, 'href', inputValue, sanitizeUrl)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<a href="${outputValue}"></a>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toBeFalsy(); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should work for style sanitization', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => `color:blue`); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createDiv, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = 'color:red'; | 
					
						
							|  |  |  |       const outputValue = 'color:blue'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementAttribute(0, 'style', inputValue, sanitizeStyle)); | 
					
						
							|  |  |  |       expect(stripStyleWsCharacters(t.html)).toEqual(`<div style="${outputValue}"></div>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toEqual(outputValue); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should bypass style sanitization if marked by the service', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => ''); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createDiv, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = s.bypassSecurityTrustStyle('color:maroon'); | 
					
						
							|  |  |  |       const outputValue = 'color:maroon'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementAttribute(0, 'style', inputValue, sanitizeStyle)); | 
					
						
							|  |  |  |       expect(stripStyleWsCharacters(t.html)).toEqual(`<div style="${outputValue}"></div>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toBeFalsy(); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should bypass ivy-level style sanitization if a custom sanitizer is used', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => ''); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createDiv, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = bypassSanitizationTrustStyle('font-family:foo'); | 
					
						
							|  |  |  |       const outputValue = 'font-family:foo-ivy'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementAttribute(0, 'style', inputValue, sanitizeStyle)); | 
					
						
							|  |  |  |       expect(stripStyleWsCharacters(t.html)).toEqual(`<div style="${outputValue}"></div>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toBeFalsy(); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should work for resourceUrl sanitization', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => `${value}-sanitized`); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createScript, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = 'http://resource'; | 
					
						
							|  |  |  |       const outputValue = 'http://resource-sanitized'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementAttribute(0, 'src', inputValue, sanitizeResourceUrl)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<script src="${outputValue}"></script>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toEqual(outputValue); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should bypass resourceUrl sanitization if marked by the service', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => ''); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createScript, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = s.bypassSecurityTrustResourceUrl('file://all-my-secrets.pdf'); | 
					
						
							|  |  |  |       const outputValue = 'file://all-my-secrets.pdf'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementAttribute(0, 'src', inputValue, sanitizeResourceUrl)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<script src="${outputValue}"></script>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toBeFalsy(); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should bypass ivy-level resourceUrl sanitization if a custom sanitizer is used', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => ''); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createScript, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = bypassSanitizationTrustResourceUrl('file://all-my-secrets.pdf'); | 
					
						
							|  |  |  |       const outputValue = 'file://all-my-secrets.pdf-ivy'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementAttribute(0, 'src', inputValue, sanitizeResourceUrl)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<script src="${outputValue}"></script>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toBeFalsy(); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should work for script sanitization', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => `${value} //sanitized`); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createScript, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = 'fn();'; | 
					
						
							|  |  |  |       const outputValue = 'fn(); //sanitized'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementProperty(0, 'innerHTML', inputValue, sanitizeScript)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<script>${outputValue}</script>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toEqual(outputValue); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should bypass script sanitization if marked by the service', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => ''); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createScript, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = s.bypassSecurityTrustScript('alert("bar")'); | 
					
						
							|  |  |  |       const outputValue = 'alert("bar")'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementProperty(0, 'innerHTML', inputValue, sanitizeScript)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<script>${outputValue}</script>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toBeFalsy(); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should bypass ivy-level script sanitization if a custom sanitizer is used', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => ''); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createScript, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = bypassSanitizationTrustScript('alert("bar")'); | 
					
						
							|  |  |  |       const outputValue = 'alert("bar")-ivy'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementProperty(0, 'innerHTML', inputValue, sanitizeScript)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<script>${outputValue}</script>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toBeFalsy(); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should work for html sanitization', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => `${value} <!--sanitized-->`); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createDiv, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = '<header></header>'; | 
					
						
							|  |  |  |       const outputValue = '<header></header> <!--sanitized-->'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementProperty(0, 'innerHTML', inputValue, sanitizeHtml)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<div>${outputValue}</div>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toEqual(outputValue); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should bypass html sanitization if marked by the service', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => ''); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createDiv, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = s.bypassSecurityTrustHtml('<div onclick="alert(123)"></div>'); | 
					
						
							|  |  |  |       const outputValue = '<div onclick="alert(123)"></div>'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementProperty(0, 'innerHTML', inputValue, sanitizeHtml)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<div>${outputValue}</div>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toBeFalsy(); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     it('should bypass ivy-level script sanitization if a custom sanitizer is used', () => { | 
					
						
							|  |  |  |       const s = new LocalMockSanitizer(value => ''); | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |       const t = new TemplateFixture(createDiv, undefined, 1, 0, null, null, s); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  |       const inputValue = bypassSanitizationTrustHtml('<div onclick="alert(123)"></div>'); | 
					
						
							|  |  |  |       const outputValue = '<div onclick="alert(123)"></div>-ivy'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       t.update(() => elementProperty(0, 'innerHTML', inputValue, sanitizeHtml)); | 
					
						
							|  |  |  |       expect(t.html).toEqual(`<div>${outputValue}</div>`); | 
					
						
							|  |  |  |       expect(s.lastSanitizedValue).toBeFalsy(); | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  |   }); | 
					
						
							| 
									
										
										
										
											2018-03-01 17:14:01 -08:00
										 |  |  | }); | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | class LocalSanitizedValue { | 
					
						
							|  |  |  |   constructor(public value: any) {} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   toString() { return this.value; } | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | class LocalMockSanitizer implements Sanitizer { | 
					
						
							| 
									
										
										
										
											2018-06-18 16:38:33 -07:00
										 |  |  |   // TODO(issue/24571): remove '!'.
 | 
					
						
							|  |  |  |   public lastSanitizedValue !: string | null; | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |   constructor(private _interceptor: (value: string|null|any) => string) {} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   sanitize(context: SecurityContext, value: LocalSanitizedValue|string|null|any): string|null { | 
					
						
							|  |  |  |     if (value instanceof String) { | 
					
						
							|  |  |  |       return value.toString() + '-ivy'; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (value instanceof LocalSanitizedValue) { | 
					
						
							|  |  |  |       return value.toString(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     return this.lastSanitizedValue = this._interceptor(value); | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   bypassSecurityTrustHtml(value: string) { return new LocalSanitizedValue(value); } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   bypassSecurityTrustStyle(value: string) { return new LocalSanitizedValue(value); } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   bypassSecurityTrustScript(value: string) { return new LocalSanitizedValue(value); } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   bypassSecurityTrustUrl(value: string) { return new LocalSanitizedValue(value); } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   bypassSecurityTrustResourceUrl(value: string) { return new LocalSanitizedValue(value); } | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  | class MockSanitizerInterceptor { | 
					
						
							|  |  |  |   public lastValue: string|null = null; | 
					
						
							|  |  |  |   constructor(private _interceptorFn?: ((value: any) => any)|null) {} | 
					
						
							|  |  |  |   getStyleSanitizer() { return defaultStyleSanitizer; } | 
					
						
							|  |  |  |   sanitize(context: SecurityContext, value: LocalSanitizedValue|string|null|any): string|null { | 
					
						
							|  |  |  |     if (this._interceptorFn) { | 
					
						
							|  |  |  |       this._interceptorFn(value); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     return this.lastValue = value; | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-09 15:30:16 -07:00
										 |  |  | function stripStyleWsCharacters(value: string): string { | 
					
						
							|  |  |  |   // color: blue; => color:blue
 | 
					
						
							|  |  |  |   return value.replace(/;/g, '').replace(/:\s+/g, ':'); | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-08-16 18:53:21 -07:00
										 |  |  | function createTemplateFixtureWithSanitizer( | 
					
						
							|  |  |  |     buildFn: () => any, consts: number, sanitizer: Sanitizer) { | 
					
						
							| 
									
										
										
										
											2018-08-18 11:14:50 -07:00
										 |  |  |   return new TemplateFixture(buildFn, () => {}, consts, 0, null, null, sanitizer); | 
					
						
							| 
									
										
										
										
											2018-07-11 10:58:18 -07:00
										 |  |  | } |