ngSanitize: camel-cased attributes in SVG accidentally deleted #10779

Closed
cure53 opened this Issue Jan 16, 2015 · 1 comment


cure53 commented Jan 16, 2015

Hi all,

we noticed that Angular's Sanitize doesn't treat certain SVG attributes properly. SVG allows camel-cased attribute names. Some of them are white-listed:

// SVG attributes (without "id" and "name" attributes)
// https://wiki.whatwg.org/wiki/Sanitization_rules#svg_Attributes
var svgAttrs = makeMap('accent-height,accumulate,additive,alphabetic,arabic-form,ascent,' +
    'attributeName,attributeType,baseProfile,bbox,begin,by,calcMode,cap-height,class,color,' +
    'color-rendering,content,cx,cy,d,dx,dy,descent,display,dur,end,fill,fill-rule,font-family,' +
    'font-size,font-stretch,font-style,font-variant,font-weight,from,fx,fy,g1,g2,glyph-name,' +
    'gradientUnits,hanging,height,horiz-adv-x,horiz-origin-x,ideographic,k,keyPoints,' +
    'keySplines,keyTimes,lang,marker-end,marker-mid,marker-start,markerHeight,markerUnits,' +
    'markerWidth,mathematical,max,min,offset,opacity,orient,origin,overline-position,' +
    'overline-thickness,panose-1,path,pathLength,points,preserveAspectRatio,r,refX,refY,' +
    'repeatCount,repeatDur,requiredExtensions,requiredFeatures,restart,rotate,rx,ry,slope,stemh,' +
    'stemv,stop-color,stop-opacity,strikethrough-position,strikethrough-thickness,stroke,' +
    'stroke-dasharray,stroke-dashoffset,stroke-linecap,stroke-linejoin,stroke-miterlimit,' +
    'stroke-opacity,stroke-width,systemLanguage,target,text-anchor,to,transform,type,u1,u2,' +
    'underline-position,underline-thickness,unicode,unicode-range,units-per-em,values,version,' +
    'viewBox,visibility,width,widths,x,x-height,x1,x2,xlink:actuate,xlink:arcrole,xlink:role,' +
    'xlink:show,xlink:title,xlink:type,xml:base,xml:lang,xml:space,xmlns,xmlns:xlink,y,y1,y2,' +
    'zoomAndPan');

The code, however, converts attribute names to lower-case, thereby removing attributes that are on the white-list. We consider that a bug.

        angular.forEach(attrs, function(value, key) {
          var lkey = angular.lowercase(key); // < here! key is lower-cased, but the white-list keys are not
          var isImage = (tag === 'img' && lkey === 'src') || (lkey === 'background');
          if (validAttrs[lkey] === true &&
            (uriAttrs[lkey] !== true || uriValidator(value, isImage))) {
            out(' ');
            out(key);
            out('="');
            out(encodeEntities(value));
            out('"');
          }
        });

A fix would be to lower-case both white-listed and checked attributes to normalize and solve the problem.
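As an added illustration (not ngSanitize's own code, and using a constructed subset of the white-list quoted above), a minimal attribute filter that reproduces the case mismatch and shows the proposed fix of normalizing both sides:

```javascript
// Added example, not code from angular.js: a reduced model of the
// ngSanitize attribute loop, with the white-list built two ways.

// Build a lookup object from a comma-separated list. When `lowercaseKeys`
// is true the map keys are normalized, which is the fix proposed in the report.
function makeMap(str, lowercaseKeys) {
  var obj = {};
  str.split(',').forEach(function (item) {
    obj[lowercaseKeys ? item.toLowerCase() : item] = true;
  });
  return obj;
}

// Constructed subset of the SVG white-list from the report (camelCase included).
var SVG_ATTR_LIST = 'viewBox,preserveAspectRatio,markerWidth,width,height,x,y';

// Same shape as the loop in the report: the candidate attribute name is
// lower-cased before the white-list lookup.
function filterAttrs(attrs, validAttrs) {
  var kept = {};
  Object.keys(attrs).forEach(function (key) {
    var lkey = key.toLowerCase();
    if (validAttrs[lkey] === true) {
      kept[key] = attrs[key]; // original spelling is emitted, as in ngSanitize
    }
  });
  return kept;
}

// Constructed input: two legitimate SVG attributes and one event handler
// that must never pass the filter.
var sample = { viewBox: '0 0 100 100', width: '100', onload: 'alert(1)' };

// Buggy variant: map keys keep their camelCase, so 'viewbox' is never found
// and viewBox is silently dropped.
function buggyFilter(attrs) {
  return filterAttrs(attrs, makeMap(SVG_ATTR_LIST, false));
}

// Fixed variant: white-list keys are lower-cased too, so viewBox survives
// while onload is still rejected.
function fixedFilter(attrs) {
  return filterAttrs(attrs, makeMap(SVG_ATTR_LIST, true));
}
```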


pkozlowski-opensource commented Jan 19, 2015

This is a valid bug, thanks for the report @cure53

hugomn added a commit to hugomn/angular.js that referenced this issue Feb 6, 2015

pkozlowski-opensource added a commit to pkozlowski-opensource/angular.js that referenced this issue Feb 21, 2015

cure53 changed the title from "ngSanitize: camel-cased atributes in SVG accidentally deleted" to "ngSanitize: camel-cased attributes in SVG accidentally deleted" on Feb 25, 2015

netman92 added a commit to netman92/angular.js that referenced this issue Aug 8, 2015
