From 5e12a957898a08b4dc8e7fb61f85795787c0a98b Mon Sep 17 00:00:00 2001
From: Martin Probst
Date: Thu, 26 May 2016 08:00:34 -0700
Subject: [PATCH] test(security): test case for quoted URL values. Test case that fixes #8701. This is already supported with the latest sanitizer changes, but it's good to have an explicit test case.
---
 .../test/security/style_sanitizer_spec.ts | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/modules/@angular/platform-browser/test/security/style_sanitizer_spec.ts b/modules/@angular/platform-browser/test/security/style_sanitizer_spec.ts
index 6f27af93d8..7bc22ade61 100644
--- a/modules/@angular/platform-browser/test/security/style_sanitizer_spec.ts
+++ b/modules/@angular/platform-browser/test/security/style_sanitizer_spec.ts
@@ -32,8 +32,16 @@ export function main() {
 });
 t.it('sanitizes URLs', () => {
 expectSanitize('url(foo/bar.png)').toEqual('url(foo/bar.png)');
+ expectSanitize('url( foo/bar.png\n )').toEqual('url( foo/bar.png\n )');
 expectSanitize('url(javascript:evil())').toEqual('unsafe');
 expectSanitize('url(strangeprotocol:evil)').toEqual('unsafe');
 });
+ t.it('accepts quoted URLs', () => {
+ expectSanitize('url("foo/bar.png")').toEqual('url("foo/bar.png")');
+ expectSanitize(`url('foo/bar.png')`).toEqual(`url('foo/bar.png')`);
+ expectSanitize(`url( 'foo/bar.png'\n )`).toEqual(`url( 'foo/bar.png'\n )`);
+ expectSanitize('url("javascript:evil()")').toEqual('unsafe');
+ expectSanitize('url( " javascript:evil() " )').toEqual('unsafe');
+ });
 });
 }
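Review bot: The rejecting cases in the new 'accepts quoted URLs' test only use double quotes, so a regression that mishandles a single-quoted unsafe scheme would pass unnoticed, even though the accepting cases cover both quote styles. I would add `expectSanitize("url('javascript:evil()')").toEqual('unsafe');`. It is also worth pinning an unterminated-quote input such as `expectSanitize('url("foo/bar.png)').toEqual('unsafe');`, but the sanitizer itself is not visible in this patch, so confirm the expected result before adding it. Since the test asserts rejections as well as acceptances, a title like 'sanitizes quoted URLs' would match its neighbour better. The enclosing describe block and main() start outside the hunk.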