$compileProvider.imgSrcSanitizationWhitelist()

imgSrcSanitizationWhitelist([regexp]);

Retrieves or overrides the default regular expression that is used for whitelisting of safe urls during img[src] sanitization.

The sanitization is a security measure aimed at prevent XSS attacks via html links.

Any url about to be assigned to img[src] via data-binding is first normalized and turned into an absolute url. Afterwards, the url is matched against the imgSrcSanitizationWhitelist regular expression. If a match is found, the original url is written into the dom. Otherwise, the absolute url is prefixed with 'unsafe:' string and only then is it written into the DOM.

Parameters

Param	Type	Details
regexp (optional)	`RegExp`	New regexp to whitelist urls with.

Returns

RegExpng.$compileProvider

Current RegExp if called without value or self for chaining otherwise.

Links:

https://docs.angularjs.org/api/ng/provider/$compileProvider#imgSrcSanitizationWhitelist

doc_AngularJS

2016-03-29 16:10:17

Comments