Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.

fix($compile): sanitize special chars in directive name #16314

Merged
merged 6 commits into from
Nov 17, 2017
Merged

fix($compile): sanitize special chars in directive name #16314

merged 6 commits into from
Nov 17, 2017

Conversation

curlydevil
Copy link
Contributor

What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
Fix for

What is the current behavior? (You can also link to an open issue here)
In HTML markup only directive name's x- and data- prefixes are being sanitized. (#16278)

What is the new behavior (if this is a feature change)?
Also special chars are being sanitized, e.g. <div _t></div> will match t directive once again

Does this PR introduce a breaking change?
Should not

Please check if the PR fulfills these requirements

Other information:
@petebacondarwin suggested to update the regex, and I hope that I did it in a way he was thinking about it.

@googlebot
Copy link

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for the commit author(s). If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and have the pull request author add another comment and the bot will run again.

1 similar comment
@googlebot
Copy link

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for the commit author(s). If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and have the pull request author add another comment and the bot will run again.

@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch from f45484a to 3ba25d6 Compare November 1, 2017 13:36
@googlebot
Copy link

CLAs look good, thanks!

1 similar comment
@googlebot
Copy link

CLAs look good, thanks!

@googlebot googlebot added cla: yes and removed cla: no labels Nov 1, 2017
@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch 3 times, most recently from c42eccd to 7c2e14b Compare November 1, 2017 14:48
@Narretz
Copy link
Contributor

Narretz commented Nov 1, 2017

There some test failures with jquery: https://travis-ci.org/angular/angular.js/jobs/295785053

@curlydevil
Copy link
Contributor Author

@Narretz yes, I'm trying to understand why I have them passing locally at 4 browsers but not in CI...

@Narretz
Copy link
Contributor

Narretz commented Nov 1, 2017

Are you sure you are running tests:jquery?

@curlydevil
Copy link
Contributor Author

curlydevil commented Nov 1, 2017
edited
Loading

I was running grunt autotest to check in several browsers, and whole grunt test before push...
I know what fails but I dunno why it fails in CI... the failing part is <_t></_t> test case... without it everything else passes in CI.

@petebacondarwin
Copy link
Contributor

I wonder if it is trying to convert _t to T when it should be t or vice versa?

@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch from 7c2e14b to 5e859dd Compare November 2, 2017 07:07
@curlydevil
Copy link
Contributor Author

curlydevil commented Nov 2, 2017
edited
Loading

Checked how <_t></_t> behaves with 1.5.x - looks like it did not work this way, so I've dropped corresponding test, just leaving it as an A restriction check.

@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch from 5e859dd to 18226ee Compare November 2, 2017 07:12
@curlydevil
Copy link
Contributor Author

Doh... Error: Error updating Sauce pass/fail status: 'Could not send request: connect ETIMEDOUT 162.222.75.227:443'
Is there a possibility to restart single stage or the branch build?

@curlydevil
fix($compile): special chars are sanitized from directive name in markup
6a20b35 
this fixes bug introduced in 1.6.x
when directive name with preceeding special char
in HTML markup does not match the registered name
@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch from 18226ee to 6a20b35 Compare November 2, 2017 09:50
@Narretz
Copy link
Contributor

Narretz commented Nov 2, 2017

Checked how <_t></_t> behaves with 1.5.x - looks like it did not work this way, so I've dropped corresponding test, just leaving it as an A restriction check.

Aren't we creating an inconsistent and undocumented behavior? Because afaik there's nothing about the handling of special characters at the start of a directive name in the docs.
Imo this looks like it was never explicitly supported, and if we support it it should be consistent and documented.

The docs:

The normalization process is as follows:
Strip x- and data- from the front of the element/attributes.
Convert the :, -, or _-delimited name to camelCase.

It doesn't say that :, -, or _ are stripped from the front.

gkalpak
gkalpak suggested changes Nov 2, 2017
View reviewed changes
src/ng/compile.js Outdated
@@ -3637,7 +3637,7 @@ function SimpleChange(previous, current) {
SimpleChange.prototype.isFirstChange = function() { return this.previousValue === _UNINITIALIZED_VALUE; };


var PREFIX_REGEXP = /^((?:x|data)[:\-_])/i;
var PREFIX_REGEXP = /^((?:x|data)*[:\-_])/i;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The * is wrong. Use ? instead.

Copy link
Member

@gkalpak gkalpak Nov 2, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, PREFIX_REGEXP is used to process ng-attr- attributes (here) and this change affects that too.
IMO, this PR should restore the behavior of directiveNormalize() pre- 73050cd and not affect anything else.

@Narretz Narretz added this to the 1.6.7 milestone Nov 3, 2017
@curlydevil
Copy link
Contributor Author

@gkalpak looking through usage of new function, its implementation is actually correct for CSS, so changing it back might break the desired behaviour there... should I add yet another camelcasing method?

gkalpak
gkalpak reviewed Nov 6, 2017
View reviewed changes
src/ng/compile.js Outdated
.replace(SPECIAL_CHARS_REGEXP, function(_, separator, letter, offset) {
return offset ? letter.toUpperCase() : letter;
})
.replace(MOZ_HACK_REGEXP, 'Moz$1');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AFAICT, this was only necessary for CSS, so we don't need it here any more.

src/ng/compile.js Outdated
* Also there is special case for Moz prefix starting with upper case letter.
* @param name Name to normalize
*/
function camelCase(name) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this function is only used in directiveNormalize() it makes sense to inline the code there.

@gkalpak
Copy link
Member

gkalpak commented Nov 6, 2017

should I add yet another camelcasing method?

More or less. I.e. you just need to update directiveNormalize() to have the desired behavior (i.e. the bahavior it had for normalizing directive names before 73050cd.

@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch from b6fdcde to e126f72 Compare November 8, 2017 18:07
@googlebot
Copy link

CLAs look good, thanks!

1 similar comment
@googlebot
Copy link

CLAs look good, thanks!

@googlebot googlebot added cla: yes and removed cla: no labels Nov 8, 2017
@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch from e126f72 to e6d2439 Compare November 9, 2017 10:08
Narretz
Narretz reviewed Nov 9, 2017
View reviewed changes
test/ng/compileSpec.js Outdated
@@ -294,6 +294,26 @@ describe('$compile', function() {
inject(function($compile) {});
});

it('should omit special chars before processing directive name', function() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this applies only to directives with restrict: 'A', then the test description should reflect that. Maybe even link to this issue in a comment.

@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch 6 times, most recently from 273021a to ca546c8 Compare November 10, 2017 11:30
@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch from ca546c8 to a3a91aa Compare November 12, 2017 18:01
@curlydevil
Copy link
Contributor Author

@Narretz @gkalpak @petebacondarwin any other ideas for improvement?

gkalpak
gkalpak suggested changes Nov 13, 2017
View reviewed changes
test/ng/compileSpec.js Outdated
});
});
inject(function($compile, $rootScope, log) {
element = $compile('<div _t></div>')($rootScope);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The element = parts are redundant.

test/ng/compileSpec.js Outdated
@@ -294,6 +294,27 @@ describe('$compile', function() {
inject(function($compile) {});
});

it('should omit special chars before processing attribute directive name', function() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would change "omit" to "ignore", because I think it bettr describes the behavior.

@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch 2 times, most recently from 4ecd741 to adc359f Compare November 14, 2017 10:55
@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch 3 times, most recently from 22c40fb to fc0811f Compare November 15, 2017 08:26
@curlydevil curlydevil force-pushed the compile-service-should-omit-special-chars-from-directive-name branch from fc0811f to b8807dc Compare November 15, 2017 08:48
@Narretz Narretz merged commit 12cf994 into angular:master Nov 17, 2017
Narretz pushed a commit that referenced this pull request Nov 17, 2017
@curlydevil @Narretz
fix($compile): sanitize special chars in directive name
c4003fd 
This fixes regression bug
when directive name with preceeding special char
in HTML markup does not match the registered name.
(introduced in 73050cd)

Closes #16314
Closes #16278
@curlydevil curlydevil deleted the compile-service-should-omit-special-chars-from-directive-name branch November 22, 2017 14:08
@dependencies dependencies bot mentioned this pull request Dec 5, 2017
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Narretz Narretz Narretz left review comments

@gkalpak gkalpak gkalpak approved these changes

Assignees
No one assigned
Labels
cla: yes severity: regression
Projects
None yet
Milestone
1.6.7
Development

Successfully merging this pull request may close these issues.
5 participants
@curlydevil @googlebot @Narretz @petebacondarwin @gkalpak