fix(typeahead): Typeahead uses ngSanitize when present #3463
Conversation
| } | ||
|
|
||
| return function(matchItem, query) { | ||
| return query ? ('' + matchItem).replace(new RegExp(escapeRegexp(query), 'gi'), '<strong>$&</strong>') : matchItem; | ||
| if($sanitize) { // Is the $sanitize service available? | ||
| if(/<.*>/g.test(matchItem)){ |
There was a problem hiding this comment.
I think this check isn't required. It's safe to $sanitize something even if it doesn't contain any HTML tags.
|
Did a review. Good work here. Also, PR needs rebasing. |
|
Hi @chrisirhc |
|
Can't be merged at present |
|
@karianna I'm sorry, I'm kind of new to this, can I or should I do something about that? |
|
@fernando-sendMail you'll need to rebase, e.g.
YMMV here, others rebase in different ways :-). |
|
@karianna Thanks for the info! |
| @@ -18,6 +18,7 @@ module.exports = function(config) { | |||
| 'misc/test-lib/jquery-1.8.2.min.js', | |||
| 'node_modules/angular/angular.js', | |||
| 'node_modules/angular-mocks/angular-mocks.js', | |||
| 'misc/test-lib/angular-sanitize.js', | |||
There was a problem hiding this comment.
Should change this to use node_modules/angular-sanitize/angular-sanitize.js and modify package.json to include angular-sanitize as a module since we changed this in 5536e96 so that we don't need to include the angular files in this repository.
|
Thanks @fernando-sendMail for your work on this, I did some further review. |
|
Also note, should remove typeahead's dependency on |
|
@chrisirhc Thanks for the review, I'll be working on this over the week. |
|
Hey @chrisirhc I committed the latest stuff with the fixes and modifications to the test. |
|
@wesleycho Sure, I'll work on that. |
fernando-sendMail
force-pushed
the
issue-2884
branch
from
be28195
to
69246f8
Compare
|
Hey @wesleycho I think I resolved all the conflicts, the PR is ready for review again |
|
Can you squash into one commit @fernando-sendMail ? |
| @@ -1,38 +1,37 @@ | |||
| { | |||
| "author": "https://github.com/angular-ui/bootstrap/graphs/contributors", | |||
| "name": "angular-ui-bootstrap", | |||
| "version": "0.13.4-SNAPSHOT", | |||
| "version": "0.13.0-SNAPSHOT", | |||
There was a problem hiding this comment.
Revert all changes to this file excepting the addition of angular-sanitize
|
With these minor reverts/changes, this should be good to merge. Squashing the commits makes it easier to replay the change on top of |
fernando-sendMail
force-pushed
the
issue-2884
branch
from
c220da5
to
844d376
Compare
|
Hey @wesleycho I tried using |
|
You can do |
|
Keep in mind once you do this, you will have to force push to the remote to overwrite the history with the new version. |
fernando-sendMail
force-pushed
the
issue-2884
branch
from
ad6dd18
to
4a3ccf7
Compare
fernando-sendMail
force-pushed
the
issue-2884
branch
2 times, most recently
from
8a66fd9
to
12292bb
Compare
fernando-sendMail
force-pushed
the
issue-2884
branch
from
08a18f3
to
5a41d48
Compare
|
@wesleycho Finally I've made it, it's ready for review again. |
|
Thanks a lot for sticking with it through the time, this is good work! |
|
No problem, thanks a lot for the support guys!
|
Hey there!
This pull request addresses the issue #2884 which mentions the use of the attribute of
bind-html-unsafeattribute in the defaulttemplate/typeahead/typeahead-match.html.So basically, I changed a little the testing process, considering what @chrisirhc said about the fix, here's the implemented solution:
angular-sanitize.jsdependency to themisc/test-lib/folder (theangular-sanitize.jsis the same version as theangular.jsincluded).karma.conf.jsfile to add this dependency.distfolder.typeaheadHilghlightfilter:$sanitizeis available to use, if not then a warning is printed to the console using the$logservice, this will happen when the filer is requested by angular. ThengSanitizecan be imported as part of the module that's using thetypeaheaddirective. The reason of why thengSanitizemodule is not imported directly on theui.bootstrap.typeaheadmodule is because it will add another dependency to the project, needless to say it will not work if not present.$sanitizeis present it will use it to sanitize the string itself if it contains any sequence of<followed byany combination of chars, and an ending>, if not, then the string is wrapped in an object thatng-bind-htmlneed to be displayed with the$sce.trustAsHtmlmethod.<strong>tags are added to the matched characters.src/typeahead/test/typeahead-highlight.spec.jsthe returned value of the filter need to be unwrapped.src/typeahead/test/typeahead-highlight-ngsanitize.spec.js) that will include thengSanitizemodule and test that tags and attributes are being escaped.And that's it, I think that's all.
I'm looking forward to your feedback and comments. Thanks!