$compileProvider.aHrefSanitizationWhitelist()

aHrefSanitizationWhitelist([regexp]);

Retrieves or overrides the default regular expression that is used for whitelisting of safe urls during a[href] sanitization.

The sanitization is a security measure aimed at preventing XSS attacks via html links.

Any url about to be assigned to a[href] via data-binding is first normalized and turned into an absolute url. Afterwards, the url is matched against the aHrefSanitizationWhitelist regular expression. If a match is found, the original url is written into the dom. Otherwise, the absolute url is prefixed with 'unsafe:' string and only then is it written into the DOM.

Parameters

Param Type Details
regexp
(optional)
RegExp

New regexp to whitelist urls with.

Returns

RegExpng.$compileProvider

Current RegExp if called without value or self for chaining otherwise.

doc_AngularJS
2016-03-29 16:10:16
Comments
Leave a Comment

Please login to continue.