Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.

Commit 167aa0c

Browse files
vojtajinaIgorMinar
vojtajina
authored and
IgorMinar
committed
feat($sniffer): auto detect CSP mode
Chrome Canary now has CSP with apis that allow auto-detection. This change will turn on CSP mode automatically when we detect its presence. https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-interfaces--experimental
1 parent 4ccd9eb commit 167aa0c

File tree

3 files changed

+32
-13
lines changed

3 files changed

+32
-13
lines changed

src/ng/sniffer.js

+7-6
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
*
66
* @name ng.$sniffer
77
* @requires $window
8+
* @requires $document
89
*
910
* @property {boolean} history Does the browser support html5 history api ?
1011
* @property {boolean} hashchange Does the browser support hashchange event ?
@@ -13,9 +14,10 @@
1314
* This is very simple implementation of testing browser's features.
1415
*/
1516
function $SnifferProvider() {
16-
this.$get = ['$window', function($window) {
17+
this.$get = ['$window', '$document', function($window, $document) {
1718
var eventSupport = {},
18-
android = int((/android (\d+)/.exec(lowercase($window.navigator.userAgent)) || [])[1]);
19+
android = int((/android (\d+)/.exec(lowercase($window.navigator.userAgent)) || [])[1]),
20+
document = $document[0];
1921

2022
return {
2123
// Android has history.pushState, but it does not update location correctly
@@ -25,22 +27,21 @@ function $SnifferProvider() {
2527
history: !!($window.history && $window.history.pushState && !(android < 4)),
2628
hashchange: 'onhashchange' in $window &&
2729
// IE8 compatible mode lies
28-
(!$window.document.documentMode || $window.document.documentMode > 7),
30+
(!document.documentMode || document.documentMode > 7),
2931
hasEvent: function(event) {
3032
// IE9 implements 'input' event it's so fubared that we rather pretend that it doesn't have
3133
// it. In particular the event is not fired when backspace or delete key are pressed or
3234
// when cut operation is performed.
3335
if (event == 'input' && msie == 9) return false;
3436

3537
if (isUndefined(eventSupport[event])) {
36-
var divElm = $window.document.createElement('div');
38+
var divElm = document.createElement('div');
3739
eventSupport[event] = 'on' + event in divElm;
3840
}
3941

4042
return eventSupport[event];
4143
},
42-
// TODO(i): currently there is no way to feature detect CSP without triggering alerts
43-
csp: false
44+
csp: document.SecurityPolicy ? document.SecurityPolicy.isActive() : false
4445
};
4546
}];
4647
}

test/ng/logSpec.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ describe('$log', function() {
66

77

88
beforeEach(module(function($provide){
9-
$window = {navigator: {}};
9+
$window = {navigator: {}, document: {}};
1010
logger = '';
1111
log = function() { logger+= 'log;'; };
1212
warn = function() { logger+= 'warn;'; };

test/ng/snifferSpec.js

+24-6
Original file line numberDiff line numberDiff line change
@@ -2,9 +2,10 @@
22

33
describe('$sniffer', function() {
44

5-
function sniffer($window) {
5+
function sniffer($window, $document) {
66
$window.navigator = {};
7-
return new $SnifferProvider().$get[1]($window);
7+
$document = jqLite($document || {});
8+
return new $SnifferProvider().$get[2]($window, $document);
89
}
910

1011
describe('history', function() {
@@ -20,15 +21,15 @@ describe('$sniffer', function() {
2021

2122
describe('hashchange', function() {
2223
it('should be true if onhashchange property defined', function() {
23-
expect(sniffer({onhashchange: true, document: {}}).hashchange).toBe(true);
24+
expect(sniffer({onhashchange: true}, {}).hashchange).toBe(true);
2425
});
2526

2627
it('should be false if onhashchange property not defined', function() {
27-
expect(sniffer({document: {}}).hashchange).toBe(false);
28+
expect(sniffer({}, {}).hashchange).toBe(false);
2829
});
2930

3031
it('should be false if documentMode is 7 (IE8 comp mode)', function() {
31-
expect(sniffer({onhashchange: true, document: {documentMode: 7}}).hashchange).toBe(false);
32+
expect(sniffer({onhashchange: true}, {documentMode: 7}).hashchange).toBe(false);
3233
});
3334
});
3435

@@ -42,7 +43,7 @@ describe('$sniffer', function() {
4243
if (elm === 'div') return mockDivElement;
4344
});
4445

45-
$sniffer = sniffer({document: mockDocument});
46+
$sniffer = sniffer({}, mockDocument);
4647
});
4748

4849

@@ -78,4 +79,21 @@ describe('$sniffer', function() {
7879
expect($sniffer.hasEvent('input')).toBe((msie == 9) ? false : true);
7980
});
8081
});
82+
83+
84+
describe('csp', function() {
85+
it('should be false if document.SecurityPolicy.isActive not available', function() {
86+
expect(sniffer({}, {}).csp).toBe(false);
87+
});
88+
89+
90+
it('should use document.SecurityPolicy.isActive() if available', function() {
91+
var createDocumentWithCSP = function(csp) {
92+
return {SecurityPolicy: {isActive: function() {return csp;}}};
93+
};
94+
95+
expect(sniffer({}, createDocumentWithCSP(false)).csp).toBe(false);
96+
expect(sniffer({}, createDocumentWithCSP(true)).csp).toBe(true);
97+
});
98+
});
8199
});

0 commit comments

Comments
 (0)