角度不安全的链接 [英] unsafe link in angular
问题描述
在 AngularJS 中,在以下场景中,Firefox 将 unsafe: 放在以以下方式生成的 url 前面.然后它显示一个错误页面,上面写着地址不被理解".这是我本地 PC 上的文件请求.
链接:
<a href="{{fruit.link }}">{{fruit.title }}</a> 数组:
$scope.fruits = [{ "title" : "橙色",链接":fruits_orange.html"}];您正在看到此提交的副作用:https://github.com/angular/angular.js/commit/95322234bf1c408af9453f2a2a2a6f95322234bf1c408af94853f2a2a2a2a6532a安全隐患.
此提交为以 file:// 开头的 url 引入了非向后兼容更改(随后在 https://github.com/angular/angular.js/commit/7b236b29aa3a6f6dfe722815e0a2667d9b7
我假设您使用的是 1.0.5 或 1.1.3 AngularJS 版本之一.如果是这样,您可以通过像这样配置 $compileProvider 来重新启用对 file:// URL 的支持:
angular.module('myModule', [], function ($compileProvider) {$compileProvider.urlSanitizationWhitelist(/^\s*(https?|ftp|mailto|file):/);});或在 Angular 1.2.8 及更高版本中:
angular.module('myModule', [], function ($compileProvider) {$compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|ftp|mailto|file):/);});In AngularJS, in the following scenario, Firefox puts unsafe: in front of urls that are generated in the following fashion. It then display an error-page saying "The address wasn't understood". This is a file request on my local PC.
Link:
<li ng-repeat="fruit in fruits">
<a href="{{ fruit.link }}">{{ fruit.title }}</a>
</li>
Array:
$scope.fruits = [
{ "title" : "Orange",
"link" : "fruits_orange.html" }
];
You are seeing side-effect of this commit: https://github.com/angular/angular.js/commit/9532234bf1c408af9a6fd2c4743fdb585b920531 that aims at addressing some security hazards.
This commit introduced a non-backward compatible change for urls starting with file:// (it was subsequently relaxed in https://github.com/angular/angular.js/commit/7b236b29aa3a6f6dfe722815e0a2667d9b7f0899
I assume that you are using one of 1.0.5 or 1.1.3 AngularJS versions. If so you can re-enable support for the file:// URLs by configuring $compileProvider like so:
angular.module('myModule', [], function ($compileProvider) {
$compileProvider.urlSanitizationWhitelist(/^\s*(https?|ftp|mailto|file):/);
});
Or in Angular 1.2.8 and above:
angular.module('myModule', [], function ($compileProvider) {
$compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|ftp|mailto|file):/);
});
这篇关于角度不安全的链接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
