unsafe link in angular

遥遥无期 2020-11-27 19:50

In AngularJS, in the following scenario, Firefox puts unsafe: in front of URLs that are generated in the following fashion. It then displays an error page saying

5 Answers
  • 2020-11-27 19:58
    angular.module('somemodule').config(['$compileProvider', function ($compileProvider) {
        $compileProvider.urlSanitizationWhitelist(/^\s*(https?|ftp|mailto):/);
    }]);
    
  • 2020-11-27 20:08

    I'm using angular 1.4.0 and the following format worked:

    ng-href="http://{{baseURLHref}}{{baseURLPort}}/routingPathName"
    

    Adding http:// in the beginning of ng-href helped in getting rid of the unsafe appended by ng-Sanitize

    • If you're on https, then it shouldn't be a problem to hard code everything.
    • But if you've a system that has to work on both environments, you might want to use a protocol detection from location.protocol

    I'm setting the variables in $rootScope (they help with issues with proxy servers that consume css from my site)

    angular.module('myApp').run(function ($route, $rootScope, $location) {
        // Empty on localhost so that links stay relative to the dev server
        $rootScope.baseURLHref = '';
        $rootScope.baseURLPort = '';
        if ($location.host() !== 'localhost') {
            $rootScope.baseURLHref = $location.host();
            $rootScope.baseURLPort = ':' + $location.port();
        }
        // ...
    });
    
  • 2020-11-27 20:11
    <a href="{{applicant.resume}}" download> download resume</a>
    
    
    var app = angular.module("myApp", []);

    app.config(['$compileProvider', function ($compileProvider) {
        $compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|local|data|chrome-extension):/);
        $compileProvider.imgSrcSanitizationWhitelist(/^\s*(https?|local|data|chrome-extension):/);
    }]);
    
  • 2020-11-27 20:16

    You are seeing a side-effect of this commit: https://github.com/angular/angular.js/commit/9532234bf1c408af9a6fd2c4743fdb585b920531 that aims at addressing some security hazards.

    This commit introduced a non-backward compatible change for URLs starting with file:// (it was subsequently relaxed in https://github.com/angular/angular.js/commit/7b236b29aa3a6f6dfe722815e0a2667d9b7f0899).

    I assume that you are using one of 1.0.5 or 1.1.3 AngularJS versions. If so you can re-enable support for the file:// URLs by configuring $compileProvider like so:

    angular.module('myModule', [], function ($compileProvider) {
    
      $compileProvider.urlSanitizationWhitelist(/^\s*(https?|ftp|mailto|file):/);
    
    });
    

    Or in Angular 1.2.8 and above:

    angular.module('myModule', [], function ($compileProvider) {
    
      $compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|ftp|mailto|file):/);
    
    });
    
  • 2020-11-27 20:17

    Add a white list to your controller.

    For Angular.js 1.2:

    app.config(['$compileProvider', function($compileProvider) {
        $compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|file|tel):/);
    }]);
    

    For Angular 1.1.x and 1.0.x, use urlSanitizationWhitelist. See reference.

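To see which link schemes each whitelist quoted in the answers above lets through before adopting one, here is an added example (not code from the original posts or from AngularJS). It is a simplified model of the check and assumes Node's `new URL()` as a stand-in for the browser's URL resolution; `sanitizeHref`, `audit`, the base URL and the sample URLs are constructed for illustration.

```javascript
// Simplified model of the href check (assumption: not AngularJS source code).
// The URL is resolved first, then tested against the whitelist; a URL that
// does not match gets the "unsafe:" prefix, which makes the link inert.
const BASE = 'https://app.example/'; // constructed page URL

function sanitizeHref(raw, whitelist) {
  let normalized;
  try {
    // Relative links inherit the page scheme; scheme case and padding are normalized.
    normalized = new URL(raw, BASE).href;
  } catch (e) {
    normalized = raw; // unparsable input is matched as written
  }
  return whitelist.test(normalized) ? normalized : 'unsafe:' + normalized;
}

// Whitelist patterns copied from the answers on this page.
const WHITELISTS = {
  'https?|ftp|mailto': /^\s*(https?|ftp|mailto):/,
  'https?|file|tel': /^\s*(https?|file|tel):/,
  'https?|local|data|chrome-extension': /^\s*(https?|local|data|chrome-extension):/,
};

// Constructed sample URLs covering the schemes those patterns mention.
const SAMPLES = [
  '/routingPathName',
  'mailto:hr@example.com',
  'file:///C:/docs/resume.pdf',
  'tel:+15550100',
  'data:text/html,<p>constructed</p>',
  'chrome-extension://constructedid/page.html',
  ' JavaScript:void(0)',
];

// For each whitelist, list the samples that would stay clickable.
function audit() {
  const report = {};
  for (const [name, re] of Object.entries(WHITELISTS)) {
    report[name] = SAMPLES.filter((u) => !sanitizeHref(u, re).startsWith('unsafe:'));
  }
  return report;
}

console.log(audit());
```

The third pattern is the only one that leaves `data:` URLs clickable, so it deserves a review of where the bound value comes from before it is applied to user-supplied links.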