angular-docs-cn/packages/platform-browser/test/security/dom_sanitization_service_spec.ts

/**
 * @license
 * Copyright Google LLC All Rights Reserved.
 *
 * Use of this source code is governed by an MIT-style license that can be
 * found in the LICENSE file at https://angular.io/license
 */

import {SecurityContext} from '@angular/core';
import {DomSanitizerImpl} from '@angular/platform-browser/src/security/dom_sanitization_service';

{
  describe('DOM Sanitization Service', () => {
    it('accepts resource URL values for resource contexts', () => {
      const svc = new DomSanitizerImpl(null);
      const resourceUrl = svc.bypassSecurityTrustResourceUrl('http://hello/world');
      expect(svc.sanitize(SecurityContext.URL, resourceUrl)).toBe('http://hello/world');
    });
  });
}
feat(security): trust resource URLs as URLs. (#10220) Resource URLs are strictly "more" trustworthy than plain URLs, so trusting them maintains the same level of security while avoiding to break people when we downgrade a resource URL context to a plain URL context. 2016-07-21 17:44:59 -07:00			`/**`
			`* @license`
build: update license headers to reference Google LLC (#37205) Update the license headers throughout the repository to reference Google LLC rather than Google Inc, for the required license headers. PR Close #37205 2020-05-19 12:08:49 -07:00			`* Copyright Google LLC All Rights Reserved.`
feat(security): trust resource URLs as URLs. (#10220) Resource URLs are strictly "more" trustworthy than plain URLs, so trusting them maintains the same level of security while avoiding to break people when we downgrade a resource URL context to a plain URL context. 2016-07-21 17:44:59 -07:00			`*`
			`* Use of this source code is governed by an MIT-style license that can be`
			`* found in the LICENSE file at https://angular.io/license`
			`*/`

			`import {SecurityContext} from '@angular/core';`
test(ivy): enable ivy tests for platform-browser (#27460) PR Close #27460 2018-12-04 15:13:10 +01:00			`import {DomSanitizerImpl} from '@angular/platform-browser/src/security/dom_sanitization_service';`
feat(security): trust resource URLs as URLs. (#10220) Resource URLs are strictly "more" trustworthy than plain URLs, so trusting them maintains the same level of security while avoiding to break people when we downgrade a resource URL context to a plain URL context. 2016-07-21 17:44:59 -07:00
build: remove `main()` from specs (#21053) PR Close #21053 2017-12-16 14:42:55 -08:00			`{`
test: clean up internal testing utilities (#42177) We have some internal proxies for all of the Jasmine functions, as well as some other helpers. This code hasn't been touched in more than 5 years, it can lead to confusion and it isn't really necessary since the same can be achieved using Jasmine. These changes remove most of the code and clean up our existing unit tests. PR Close #42177 2021-05-23 22:16:02 +02:00			`describe('DOM Sanitization Service', () => {`
			`it('accepts resource URL values for resource contexts', () => {`
feat(platform-server): add API to render Module and ModuleFactory to string (#14381) - PlatformState provides an interface to serialize the current Platform State as a string or Document. - renderModule and renderModuleFactory are convenience methods to wait for Angular Application to stabilize and then render the state to a string. - refactor code to remove defaultDoc from DomAdapter and inject DOCUMENT where it's needed. 2017-02-14 16:14:40 -08:00			`const svc = new DomSanitizerImpl(null);`
feat(security): trust resource URLs as URLs. (#10220) Resource URLs are strictly "more" trustworthy than plain URLs, so trusting them maintains the same level of security while avoiding to break people when we downgrade a resource URL context to a plain URL context. 2016-07-21 17:44:59 -07:00			`const resourceUrl = svc.bypassSecurityTrustResourceUrl('http://hello/world');`
test: clean up internal testing utilities (#42177) We have some internal proxies for all of the Jasmine functions, as well as some other helpers. This code hasn't been touched in more than 5 years, it can lead to confusion and it isn't really necessary since the same can be achieved using Jasmine. These changes remove most of the code and clean up our existing unit tests. PR Close #42177 2021-05-23 22:16:02 +02:00			`expect(svc.sanitize(SecurityContext.URL, resourceUrl)).toBe('http://hello/world');`
feat(security): trust resource URLs as URLs. (#10220) Resource URLs are strictly "more" trustworthy than plain URLs, so trusting them maintains the same level of security while avoiding to break people when we downgrade a resource URL context to a plain URL context. 2016-07-21 17:44:59 -07:00			`});`
			`});`
			`}`