diff --git a/src/ng/sanitizeUri.js b/src/ng/sanitizeUri.js
index aa09d0b4864d..a5302994415d 100644
--- a/src/ng/sanitizeUri.js
+++ b/src/ng/sanitizeUri.js
@@ -6,7 +6,7 @@
* Private service to sanitize uris for links and images. Used by $compile and $sanitize.
*/
function $$SanitizeUriProvider() {
- var aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/,
+ var aHrefSanitizationWhitelist = /^\s*(https?|s?ftp|mailto|tel|file):/,
imgSrcSanitizationWhitelist = /^\s*((https?|ftp|file|blob):|data:image\/)/;
/**
diff --git a/src/ngSanitize/filter/linky.js b/src/ngSanitize/filter/linky.js
index 6247cb626b46..34881c847729 100644
--- a/src/ngSanitize/filter/linky.js
+++ b/src/ngSanitize/filter/linky.js
@@ -6,7 +6,7 @@
* @kind function
*
* @description
- * Finds links in text input and turns them into html links. Supports `http/https/ftp/mailto` and
+ * Finds links in text input and turns them into html links. Supports `http/https/ftp/sftp/mailto` and
* plain email address links.
*
* Requires the {@link ngSanitize `ngSanitize`} module to be installed.
@@ -129,7 +129,7 @@
*/
angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) {
var LINKY_URL_REGEXP =
- /((ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i,
+ /((s?ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i,
MAILTO_REGEXP = /^mailto:/i;
var linkyMinErr = angular.$$minErr('linky');
diff --git a/test/ng/compileSpec.js b/test/ng/compileSpec.js
index 4fa14d2daff0..f8b56ea93a94 100644
--- a/test/ng/compileSpec.js
+++ b/test/ng/compileSpec.js
@@ -153,7 +153,7 @@ describe('$compile', function() {
it('should allow aHrefSanitizationWhitelist to be configured', function() {
module(function($compileProvider) {
- expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/^\s*(https?|ftp|mailto|tel|file):/); // the default
+ expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/^\s*(https?|s?ftp|mailto|tel|file):/); // the default
$compileProvider.aHrefSanitizationWhitelist(/other/);
expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/other/);
});
diff --git a/test/ng/sanitizeUriSpec.js b/test/ng/sanitizeUriSpec.js
index 7d01e3c4ba64..c5ca4c5d040f 100644
--- a/test/ng/sanitizeUriSpec.js
+++ b/test/ng/sanitizeUriSpec.js
@@ -216,6 +216,9 @@ describe('sanitizeUri', function() {
testUrl = 'ftp://foo/bar';
expect(sanitizeHref(testUrl)).toBe('ftp://foo/bar');
+ testUrl = 'sftp://foo/bar';
+ expect(sanitizeHref(testUrl)).toBe('sftp://foo/bar');
+
testUrl = 'mailto:foo@bar.com';
expect(sanitizeHref(testUrl)).toBe('mailto:foo@bar.com');
diff --git a/test/ngSanitize/filter/linkySpec.js b/test/ngSanitize/filter/linkySpec.js
index 4599c1ee48ab..236766e61038 100644
--- a/test/ngSanitize/filter/linkySpec.js
+++ b/test/ngSanitize/filter/linkySpec.js
@@ -58,6 +58,10 @@ describe('linky', function() {
expect(linky('HTTP://example.com')).toEqual('HTTP://example.com');
expect(linky('HTTPS://www.example.com')).toEqual('HTTPS://www.example.com');
expect(linky('HTTPS://example.com')).toEqual('HTTPS://example.com');
+ expect(linky('FTP://www.example.com')).toEqual('FTP://www.example.com');
+ expect(linky('FTP://example.com')).toEqual('FTP://example.com');
+ expect(linky('SFTP://www.example.com')).toEqual('SFTP://www.example.com');
+ expect(linky('SFTP://example.com')).toEqual('SFTP://example.com');
});
it('should handle www.', function() {
diff --git a/test/ngSanitize/sanitizeSpec.js b/test/ngSanitize/sanitizeSpec.js
index 70682c23ed4d..c3206948e990 100644
--- a/test/ngSanitize/sanitizeSpec.js
+++ b/test/ngSanitize/sanitizeSpec.js
@@ -270,7 +270,8 @@ describe('HTML', function() {
// See https://github.com/cure53/DOMPurify/blob/a992d3a75031cb8bb032e5ea8399ba972bdf9a65/src/purify.js#L439-L449
it('should not allow JavaScript execution when creating inert document', inject(function($sanitize) {
- var doc = $sanitize('');
+ $sanitize('');
+
expect(window.xxx).toBe(undefined);
delete window.xxx;
}));