Permalink
Browse files
fix(ngSanitize): Blacklist the attribute `usemap`
Given that the attribute `name` is blacklisted, the attribute `usemap` should be
blacklisted too.
Closes: ##13826
- Loading branch information
Showing
with
2 additions
and
1 deletion.
-
+1
−1
src/ngSanitize/sanitize.js
-
+1
−0
test/ngSanitize/sanitizeSpec.js
|
|
@@ -254,7 +254,7 @@ var validElements = angular.extend({}, |
|
|
optionalEndTagElements); |
|
|
|
|
|
//Attributes that have href and hence need to be sanitized |
|
|
var uriAttrs = toMap("background,cite,href,longdesc,src,usemap,xlink:href"); |
|
|
var uriAttrs = toMap("background,cite,href,longdesc,src,xlink:href"); |
|
|
|
|
|
var htmlAttrs = toMap('abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,' + |
|
|
'color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,' + |
|
|
|
|
|
@@ -153,6 +153,7 @@ describe('HTML', function() { |
|
|
|
|
|
it('should remove unsafe value', function() { |
|
|
expectHTML('<a href="javascript:alert()">').toEqual('<a></a>'); |
|
|
expectHTML('<img src="foo.gif" usemap="#foomap">').toEqual('<img src="foo.gif">'); |
|
|
}); |
|
|
|
|
|
it('should handle self closed elements', function() { |
|
|
|
