-
Notifications
You must be signed in to change notification settings - Fork 3k
/
Copy pathtemplateFactorySpec.js
80 lines (69 loc) · 2.95 KB
/
templateFactorySpec.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
describe('templateFactory', function () {
beforeEach(module('ui.router.util'));
it('exists', inject(function ($templateFactory) {
expect($templateFactory).toBeDefined();
}));
if (angular.version.major >= 1 && angular.version.minor >= 3) {
// Post 1.2, there is a $templateRequest and a $sce service
describe('should follow $sce policy and', function() {
it('accepts relative URLs', inject(function($templateFactory, $httpBackend, $sce) {
$httpBackend.expectGET('views/view.html').respond(200, 'template!');
$templateFactory.fromUrl('views/view.html');
$httpBackend.flush();
}));
it('rejects untrusted URLs',
inject(function($templateFactory, $httpBackend, $sce) {
var error = 'No error thrown';
try {
$templateFactory.fromUrl('http://evil.com/views/view.html');
} catch (e) {
error = e.message;
}
expect(error).toMatch(/sce:insecurl/);
}));
it('accepts explicitly trusted URLs',
inject(function($templateFactory, $httpBackend, $sce) {
$httpBackend.expectGET('http://evil.com/views/view.html').respond(200, 'template!');
$templateFactory.fromUrl(
$sce.trustAsResourceUrl('http://evil.com/views/view.html'));
$httpBackend.flush();
}));
});
} else { // 1.2 and before will use directly $http
it('does not restrict URL loading', inject(function($templateFactory, $httpBackend) {
$httpBackend.expectGET('http://evil.com/views/view.html').respond(200, 'template!');
$templateFactory.fromUrl('http://evil.com/views/view.html');
$httpBackend.flush();
$httpBackend.expectGET('data:text/html,foo').respond(200, 'template!');
$templateFactory.fromUrl('data:text/html,foo');
$httpBackend.flush();
}));
// Behavior not kept in >1.2 with $templateRequest
it('should request templates as text/html', inject(function($templateFactory, $httpBackend) {
$httpBackend.expectGET('views/view.html', function(headers) {
return headers.Accept === 'text/html';
}).respond(200);
$templateFactory.fromUrl('views/view.html');
$httpBackend.flush();
}));
}
});
describe('templateFactory with $http use forced', function () {
beforeEach(function() {
angular
.module('forceHttpInTemplateFactory', [])
.config(function($templateFactoryProvider) {
$templateFactoryProvider.shouldUnsafelyUseHttp(true);
});
module('ui.router.util');
module('forceHttpInTemplateFactory');
});
it('does not restrict URL loading', inject(function($templateFactory, $httpBackend) {
$httpBackend.expectGET('http://evil.com/views/view.html').respond(200, 'template!');
$templateFactory.fromUrl('http://evil.com/views/view.html');
$httpBackend.flush();
$httpBackend.expectGET('data:text/html,foo').respond(200, 'template!');
$templateFactory.fromUrl('data:text/html,foo');
$httpBackend.flush();
}));
});