style(core): improve readability of style_sanizer(_spec).ts (#33841)
PR Close #33841
This commit is contained in:
parent
5af3bd4728
commit
6a5475f65b
|
@ -29,7 +29,7 @@ const VALUES = '[-,."\'%_!# a-zA-Z0-9]+';
|
||||||
const TRANSFORMATION_FNS = '(?:matrix|translate|scale|rotate|skew|perspective)(?:X|Y|Z|3d)?';
|
const TRANSFORMATION_FNS = '(?:matrix|translate|scale|rotate|skew|perspective)(?:X|Y|Z|3d)?';
|
||||||
const COLOR_FNS = '(?:rgb|hsl)a?';
|
const COLOR_FNS = '(?:rgb|hsl)a?';
|
||||||
const GRADIENTS = '(?:repeating-)?(?:linear|radial)-gradient';
|
const GRADIENTS = '(?:repeating-)?(?:linear|radial)-gradient';
|
||||||
const CSS3_FNS = '(?:calc|attr)';
|
const CSS3_FNS = '(?:attr|calc)';
|
||||||
const FN_ARGS = '\\([-0-9.%, #a-zA-Z]+\\)';
|
const FN_ARGS = '\\([-0-9.%, #a-zA-Z]+\\)';
|
||||||
const SAFE_STYLE_VALUE = new RegExp(
|
const SAFE_STYLE_VALUE = new RegExp(
|
||||||
`^(${VALUES}|` +
|
`^(${VALUES}|` +
|
||||||
|
|
|
@ -6,16 +6,14 @@
|
||||||
* found in the LICENSE file at https://angular.io/license
|
* found in the LICENSE file at https://angular.io/license
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import * as t from '@angular/core/testing/src/testing_internal';
|
|
||||||
|
|
||||||
import {_sanitizeStyle} from '../../src/sanitization/style_sanitizer';
|
import {_sanitizeStyle} from '../../src/sanitization/style_sanitizer';
|
||||||
|
|
||||||
{
|
|
||||||
t.describe('Style sanitizer', () => {
|
describe('Style sanitizer', () => {
|
||||||
let logMsgs: string[];
|
let logMsgs: string[];
|
||||||
let originalLog: (msg: any) => any;
|
let originalLog: (msg: any) => any;
|
||||||
|
|
||||||
t.beforeEach(() => {
|
beforeEach(() => {
|
||||||
logMsgs = [];
|
logMsgs = [];
|
||||||
originalLog = console.warn; // Monkey patch DOM.log.
|
originalLog = console.warn; // Monkey patch DOM.log.
|
||||||
console.warn = (msg: any) => logMsgs.push(msg);
|
console.warn = (msg: any) => logMsgs.push(msg);
|
||||||
|
@ -23,39 +21,44 @@ import {_sanitizeStyle} from '../../src/sanitization/style_sanitizer';
|
||||||
|
|
||||||
afterEach(() => { console.warn = originalLog; });
|
afterEach(() => { console.warn = originalLog; });
|
||||||
|
|
||||||
function expectSanitize(v: string) { return t.expect(_sanitizeStyle(v)); }
|
function expectSanitize(v: string) { return expect(_sanitizeStyle(v)); }
|
||||||
|
|
||||||
t.it('sanitizes values', () => {
|
it('sanitizes values', () => {
|
||||||
expectSanitize('').toEqual('');
|
expectSanitize('').toEqual('');
|
||||||
expectSanitize('abc').toEqual('abc');
|
expectSanitize('abc').toEqual('abc');
|
||||||
expectSanitize('50px').toEqual('50px');
|
expectSanitize('50px').toEqual('50px');
|
||||||
expectSanitize('rgb(255, 0, 0)').toEqual('rgb(255, 0, 0)');
|
expectSanitize('rgb(255, 0, 0)').toEqual('rgb(255, 0, 0)');
|
||||||
expectSanitize('expression(haha)').toEqual('unsafe');
|
expectSanitize('expression(haha)').toEqual('unsafe');
|
||||||
});
|
});
|
||||||
t.it('rejects unblanaced quotes', () => { expectSanitize('"value" "').toEqual('unsafe'); });
|
|
||||||
t.it('accepts transform functions', () => {
|
it('rejects unblanaced quotes', () => { expectSanitize('"value" "').toEqual('unsafe'); });
|
||||||
|
|
||||||
|
it('accepts transform functions', () => {
|
||||||
expectSanitize('rotate(90deg)').toEqual('rotate(90deg)');
|
expectSanitize('rotate(90deg)').toEqual('rotate(90deg)');
|
||||||
expectSanitize('rotate(javascript:evil())').toEqual('unsafe');
|
expectSanitize('rotate(javascript:evil())').toEqual('unsafe');
|
||||||
expectSanitize('translateX(12px, -5px)').toEqual('translateX(12px, -5px)');
|
expectSanitize('translateX(12px, -5px)').toEqual('translateX(12px, -5px)');
|
||||||
expectSanitize('scale3d(1, 1, 2)').toEqual('scale3d(1, 1, 2)');
|
expectSanitize('scale3d(1, 1, 2)').toEqual('scale3d(1, 1, 2)');
|
||||||
});
|
});
|
||||||
t.it('accepts gradients', () => {
|
|
||||||
|
it('accepts gradients', () => {
|
||||||
expectSanitize('linear-gradient(to bottom, #fg34a1, #bada55)')
|
expectSanitize('linear-gradient(to bottom, #fg34a1, #bada55)')
|
||||||
.toEqual('linear-gradient(to bottom, #fg34a1, #bada55)');
|
.toEqual('linear-gradient(to bottom, #fg34a1, #bada55)');
|
||||||
expectSanitize('repeating-radial-gradient(ellipse cover, black, red, black, red)')
|
expectSanitize('repeating-radial-gradient(ellipse cover, black, red, black, red)')
|
||||||
.toEqual('repeating-radial-gradient(ellipse cover, black, red, black, red)');
|
.toEqual('repeating-radial-gradient(ellipse cover, black, red, black, red)');
|
||||||
});
|
});
|
||||||
t.it('accepts calc', () => { expectSanitize('calc(90%-123px)').toEqual('calc(90%-123px)'); });
|
|
||||||
t.it('accepts attr', () => {
|
it('accepts attr', () => { expectSanitize('attr(value string)').toEqual('attr(value string)'); });
|
||||||
expectSanitize('attr(value string)').toEqual('attr(value string)');
|
|
||||||
});
|
it('accepts calc', () => { expectSanitize('calc(90%-123px)').toEqual('calc(90%-123px)'); });
|
||||||
t.it('sanitizes URLs', () => {
|
|
||||||
|
it('sanitizes URLs', () => {
|
||||||
expectSanitize('url(foo/bar.png)').toEqual('url(foo/bar.png)');
|
expectSanitize('url(foo/bar.png)').toEqual('url(foo/bar.png)');
|
||||||
expectSanitize('url( foo/bar.png\n )').toEqual('url( foo/bar.png\n )');
|
expectSanitize('url( foo/bar.png\n )').toEqual('url( foo/bar.png\n )');
|
||||||
expectSanitize('url(javascript:evil())').toEqual('unsafe');
|
expectSanitize('url(javascript:evil())').toEqual('unsafe');
|
||||||
expectSanitize('url(strangeprotocol:evil)').toEqual('unsafe');
|
expectSanitize('url(strangeprotocol:evil)').toEqual('unsafe');
|
||||||
});
|
});
|
||||||
t.it('accepts quoted URLs', () => {
|
|
||||||
|
it('accepts quoted URLs', () => {
|
||||||
expectSanitize('url("foo/bar.png")').toEqual('url("foo/bar.png")');
|
expectSanitize('url("foo/bar.png")').toEqual('url("foo/bar.png")');
|
||||||
expectSanitize(`url('foo/bar.png')`).toEqual(`url('foo/bar.png')`);
|
expectSanitize(`url('foo/bar.png')`).toEqual(`url('foo/bar.png')`);
|
||||||
expectSanitize(`url( 'foo/bar.png'\n )`).toEqual(`url( 'foo/bar.png'\n )`);
|
expectSanitize(`url( 'foo/bar.png'\n )`).toEqual(`url( 'foo/bar.png'\n )`);
|
||||||
|
@ -63,4 +66,3 @@ import {_sanitizeStyle} from '../../src/sanitization/style_sanitizer';
|
||||||
expectSanitize('url( " javascript:evil() " )').toEqual('unsafe');
|
expectSanitize('url( " javascript:evil() " )').toEqual('unsafe');
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in New Issue