在角不安全链接 [英] unsafe link in angular
问题描述
在AngularJS,在以下情况下,Firefox让不安全:
在那些以下列方式生成的URL的前面。然后,它显示一个错误页说:地址不被理解。这是我的本地PC上的文件要求。
链接:
<李NG重复=水果水果>
&所述; A HREF ={{fruit.link}}> {{fruit.title}}&下; / A>
< /李>
数组:
$ scope.fruits = [
{称号:橙,
链接:fruits_orange.html}
];
您所看到的这种副作用承诺:
<一href=\"https://github.com/angular/angular.js/commit/9532234bf1c408af9a6fd2c4743fdb585b920531\">https://github.com/angular/angular.js/commit/9532234bf1c408af9a6fd2c4743fdb585b920531其目的在于解决一些安全隐患。
本次提交开始文件URL的非向后兼容的改变://
(这是随后<轻松href=\"https://github.com/angular/angular.js/commit/7b236b29aa3a6f6dfe722815e0a2667d9b7f0899\">https://github.com/angular/angular.js/commit/7b236b29aa3a6f6dfe722815e0a2667d9b7f0899
我假设你正在使用一个或1.0.5 1.1.3 AngularJS版本。如果这样你就可以重新启用的支持文件://
网址,通过配置 $ compileProvider
像这样:
angular.module(MyModule的,[],功能($ compileProvider){ $ compileProvider.urlSanitizationWhitelist(/ ^ \\ S *(HTTPS | FTP |上一篇|文件):/?);});
或在角1.2.8及以上版本:
angular.module(MyModule的,[],功能($ compileProvider){ $ compileProvider.aHrefSanitizationWhitelist(/ ^ \\ S *(HTTPS | FTP |上一篇|文件):/?);});
In AngularJS, in the following scenario, Firefox puts unsafe:
in front of urls that are generated in the following fashion. It then display an error-page saying "The address wasn't understood". This is a file request on my local PC.
Link:
<li ng-repeat="fruit in fruits">
<a href="{{ fruit.link }}">{{ fruit.title }}</a>
</li>
Array:
$scope.fruits = [
{ "title" : "Orange",
"link" : "fruits_orange.html" }
];
You are seeing side-effect of this commit: https://github.com/angular/angular.js/commit/9532234bf1c408af9a6fd2c4743fdb585b920531 that aims at addressing some security hazards.
This commit introduced a non-backward compatible change for urls starting with file://
(it was subsequently relaxed in https://github.com/angular/angular.js/commit/7b236b29aa3a6f6dfe722815e0a2667d9b7f0899
I assume that you are using one of 1.0.5 or 1.1.3 AngularJS versions. If so you can re-enable support for the file://
URLs by configuring $compileProvider
like so:
angular.module('myModule', [], function ($compileProvider) {
$compileProvider.urlSanitizationWhitelist(/^\s*(https?|ftp|mailto|file):/);
});
Or in Angular 1.2.8 and above:
angular.module('myModule', [], function ($compileProvider) {
$compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|ftp|mailto|file):/);
});
这篇关于在角不安全链接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!