angular · Narretz · Oct 11, 2017 · Jul 12, 2017 · Jul 12, 2017 · Aug 15, 2017
diff --git a/src/ng/sanitizeUri.js b/src/ng/sanitizeUri.js
@@ -6,7 +6,7 @@
  * Private service to sanitize uris for links and images. Used by $compile and $sanitize.
  */
 function $$SanitizeUriProvider() {
-  var aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/,
+  var aHrefSanitizationWhitelist = /^\s*(https?|s?ftp|mailto|tel|file):/,
     imgSrcSanitizationWhitelist = /^\s*((https?|ftp|file|blob):|data:image\/)/;
 
   /**

diff --git a/src/ngSanitize/filter/linky.js b/src/ngSanitize/filter/linky.js
@@ -6,7 +6,7 @@
  * @kind function
  *
  * @description
- * Finds links in text input and turns them into html links. Supports `http/https/ftp/mailto` and
+ * Finds links in text input and turns them into html links. Supports `http/https/ftp/sftp/mailto` and
  * plain email address links.
  *
  * Requires the {@link ngSanitize `ngSanitize`} module to be installed.
@@ -129,7 +129,7 @@
  */
 angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) {
   var LINKY_URL_REGEXP =
-        /((ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i,
+        /((s?ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i,
       MAILTO_REGEXP = /^mailto:/i;
 
   var linkyMinErr = angular.$$minErr('linky');

diff --git a/test/ng/compileSpec.js b/test/ng/compileSpec.js
@@ -153,7 +153,7 @@ describe('$compile', function() {
 
     it('should allow aHrefSanitizationWhitelist to be configured', function() {
       module(function($compileProvider) {
-        expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/^\s*(https?|ftp|mailto|tel|file):/); // the default
+        expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/^\s*(https?|s?ftp|mailto|tel|file):/); // the default
         $compileProvider.aHrefSanitizationWhitelist(/other/);
         expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/other/);
       });

diff --git a/test/ng/sanitizeUriSpec.js b/test/ng/sanitizeUriSpec.js
@@ -216,6 +216,9 @@ describe('sanitizeUri', function() {
       testUrl = 'ftp://foo/bar';
       expect(sanitizeHref(testUrl)).toBe('ftp://foo/bar');
 
+      testUrl = 'sftp://foo/bar';
+      expect(sanitizeHref(testUrl)).toBe('sftp://foo/bar');
+
       testUrl = 'mailto:[email protected]';
       expect(sanitizeHref(testUrl)).toBe('mailto:[email protected]');
 

diff --git a/test/ngSanitize/filter/linkySpec.js b/test/ngSanitize/filter/linkySpec.js
@@ -58,6 +58,10 @@ describe('linky', function() {
     expect(linky('HTTP://example.com')).toEqual('<a href="HTTP://example.com">HTTP://example.com</a>');
     expect(linky('HTTPS://www.example.com')).toEqual('<a href="HTTPS://www.example.com">HTTPS://www.example.com</a>');
     expect(linky('HTTPS://example.com')).toEqual('<a href="HTTPS://example.com">HTTPS://example.com</a>');
+    expect(linky('FTP://www.example.com')).toEqual('<a href="FTP://www.example.com">FTP://www.example.com</a>');
+    expect(linky('FTP://example.com')).toEqual('<a href="FTP://example.com">FTP://example.com</a>');
+    expect(linky('SFTP://www.example.com')).toEqual('<a href="SFTP://www.example.com">SFTP://www.example.com</a>');
+    expect(linky('SFTP://example.com')).toEqual('<a href="SFTP://example.com">SFTP://example.com</a>');
   });
 
   it('should handle www.', function() {

diff --git a/test/ngSanitize/sanitizeSpec.js b/test/ngSanitize/sanitizeSpec.js
@@ -270,7 +270,8 @@ describe('HTML', function() {
 
   // See https://github.com/cure53/DOMPurify/blob/a992d3a75031cb8bb032e5ea8399ba972bdf9a65/src/purify.js#L439-L449
   it('should not allow JavaScript execution when creating inert document', inject(function($sanitize) {
-    var doc = $sanitize('<svg><g onload="window.xxx = 100"></g></svg>');
+    $sanitize('<svg><g onload="window.xxx = 100"></g></svg>');
+
     expect(window.xxx).toBe(undefined);
     delete window.xxx;
   }));