feat($sniffer): auto detect CSP mode

Chrome Canary now has CSP with apis that allow auto-detection. This change will turn on CSP mode automatically when we detect its presence. https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-interfaces--experimental
angular · Aug 10, 2012 · 167aa0c · 167aa0c
1 parent 4ccd9eb
commit 167aa0c
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 13 deletions.
diff --git a/src/ng/sniffer.js b/src/ng/sniffer.js
@@ -5,6 +5,7 @@
  *
  * @name ng.$sniffer
  * @requires $window
+ * @requires $document
  *
  * @property {boolean} history Does the browser support html5 history api ?
  * @property {boolean} hashchange Does the browser support hashchange event ?
@@ -13,9 +14,10 @@
  * This is very simple implementation of testing browser's features.
  */
 function $SnifferProvider() {
-  this.$get = ['$window', function($window) {
+  this.$get = ['$window', '$document', function($window, $document) {
     var eventSupport = {},
-        android = int((/android (\d+)/.exec(lowercase($window.navigator.userAgent)) || [])[1]);
+        android = int((/android (\d+)/.exec(lowercase($window.navigator.userAgent)) || [])[1]),
+        document = $document[0];
 
     return {
       // Android has history.pushState, but it does not update location correctly
@@ -25,22 +27,21 @@ function $SnifferProvider() {
       history: !!($window.history && $window.history.pushState && !(android < 4)),
       hashchange: 'onhashchange' in $window &&
                   // IE8 compatible mode lies
-                  (!$window.document.documentMode || $window.document.documentMode > 7),
+                  (!document.documentMode || document.documentMode > 7),
       hasEvent: function(event) {
         // IE9 implements 'input' event it's so fubared that we rather pretend that it doesn't have
         // it. In particular the event is not fired when backspace or delete key are pressed or
         // when cut operation is performed.
         if (event == 'input' && msie == 9) return false;
 
         if (isUndefined(eventSupport[event])) {
-          var divElm = $window.document.createElement('div');
+          var divElm = document.createElement('div');
           eventSupport[event] = 'on' + event in divElm;
         }
 
         return eventSupport[event];
       },
-      // TODO(i): currently there is no way to feature detect CSP without triggering alerts
-      csp: false
+      csp: document.SecurityPolicy ? document.SecurityPolicy.isActive() : false
     };
   }];
 }
diff --git a/test/ng/logSpec.js b/test/ng/logSpec.js
@@ -6,7 +6,7 @@ describe('$log', function() {
 
 
   beforeEach(module(function($provide){
-    $window = {navigator: {}};
+    $window = {navigator: {}, document: {}};
     logger = '';
     log = function() { logger+= 'log;'; };
     warn = function() { logger+= 'warn;'; };

diff --git a/test/ng/snifferSpec.js b/test/ng/snifferSpec.js
@@ -2,9 +2,10 @@
 
 describe('$sniffer', function() {
 
-  function sniffer($window) {
+  function sniffer($window, $document) {
     $window.navigator = {};
-    return new $SnifferProvider().$get[1]($window);
+    $document = jqLite($document || {});
+    return new $SnifferProvider().$get[2]($window, $document);
   }
 
   describe('history', function() {
@@ -20,15 +21,15 @@ describe('$sniffer', function() {
 
   describe('hashchange', function() {
     it('should be true if onhashchange property defined', function() {
-      expect(sniffer({onhashchange: true, document: {}}).hashchange).toBe(true);
+      expect(sniffer({onhashchange: true}, {}).hashchange).toBe(true);
     });
 
     it('should be false if onhashchange property not defined', function() {
-      expect(sniffer({document: {}}).hashchange).toBe(false);
+      expect(sniffer({}, {}).hashchange).toBe(false);
     });
 
     it('should be false if documentMode is 7 (IE8 comp mode)', function() {
-      expect(sniffer({onhashchange: true, document: {documentMode: 7}}).hashchange).toBe(false);
+      expect(sniffer({onhashchange: true}, {documentMode: 7}).hashchange).toBe(false);
     });
   });
 
@@ -42,7 +43,7 @@ describe('$sniffer', function() {
         if (elm === 'div') return mockDivElement;
       });
 
-      $sniffer = sniffer({document: mockDocument});
+      $sniffer = sniffer({}, mockDocument);
     });
 
 
@@ -78,4 +79,21 @@ describe('$sniffer', function() {
       expect($sniffer.hasEvent('input')).toBe((msie == 9) ? false : true);
     });
   });
+
+
+  describe('csp', function() {
+    it('should be false if document.SecurityPolicy.isActive not available', function() {
+      expect(sniffer({}, {}).csp).toBe(false);
+    });
+
+
+    it('should use document.SecurityPolicy.isActive() if available', function() {
+      var createDocumentWithCSP = function(csp) {
+        return {SecurityPolicy: {isActive: function() {return csp;}}};
+      };
+
+      expect(sniffer({}, createDocumentWithCSP(false)).csp).toBe(false);
+      expect(sniffer({}, createDocumentWithCSP(true)).csp).toBe(true);
+    });
+  });
 });