@@ -772,6 +772,39 @@ function $CompileProvider($provide, $$sanitizeUriProvider) {
772772 if ( ( nodeName === 'A' && ( key === 'href' || key === 'xlinkHref' ) ) ||
773773 ( nodeName === 'IMG' && key === 'src' ) ) {
774774 this [ key ] = value = $$sanitizeUri ( value , key === 'src' ) ;
775+ } else if ( nodeName === 'img' && key === 'srcset' ) {
776+ // sanitize img[srcset] values
777+ var result = "" ;
778+
779+ // first check if there are spaces because it's not the same pattern
780+ var trimmedSrcset = trim ( value ) ;
781+ // ( 999x ,| 999w ,| ,|, )
782+ var srcPattern = / ( \s + \d + x \s * , | \s + \d + w \s * , | \s + , | , \s + ) / ;
783+ var pattern = / \s / . test ( trimmedSrcset ) ? srcPattern : / ( , ) / ;
784+
785+ // split srcset into tuple of uri and descriptor except for the last item
786+ var rawUris = trimmedSrcset . split ( pattern ) ;
787+
788+ // for each tuples
789+ var nbrUrisWith2parts = Math . floor ( rawUris . length / 2 ) ;
790+ for ( var i = 0 ; i < nbrUrisWith2parts ; i ++ ) {
791+ var innerIdx = i * 2 ;
792+ // sanitize the uri
793+ result += $$sanitizeUri ( trim ( rawUris [ innerIdx ] ) , true ) ;
794+ // add the descriptor
795+ result += ( " " + trim ( rawUris [ innerIdx + 1 ] ) ) ;
796+ }
797+ // split the last item into uri and descriptor
798+ var lastTuple = trim ( rawUris [ i * 2 ] ) . split ( / \s / ) ;
799+
800+ // sanitize the last uri
801+ result += $$sanitizeUri ( trim ( lastTuple [ 0 ] ) , true ) ;
802+
803+ // and add the last descriptor if any
804+ if ( lastTuple . length === 2 ) {
805+ result += ( " " + trim ( lastTuple [ 1 ] ) ) ;
806+ }
807+ this [ key ] = value = result ;
775808 }
776809
777810 if ( writeAttr !== false ) {
0 commit comments