This repository was archived by the owner on Sep 5, 2024. It is now read-only.

Commit 2ddeb91

fix(icon): remove trustAs calls in favor of implicit trust conditions (#9250)
1 parent 9082e4a commit 2ddeb91

3 files changed

+7
-76
lines changed


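--- a/src/components/icon/icon.spec.js
+++ b/src/components/icon/icon.spec.js
@@ -205,12 +205,6 @@ describe('MdIcon directive', function() {
 module(function($provide) {
 var $mdIconMock = function(id) {
 
-wasLastSvgSrcTrusted = false;
-if (!angular.isString(id)) {
-id = $sce.getTrustedUrl(id);
-wasLastSvgSrcTrusted = true;
-}
-
 return {
 then: function(fn) {
 switch(id) {
@@ -222,8 +216,6 @@ describe('MdIcon directive', function() {
 break;
 case 'cake.svg' : fn('<svg><g id="cake"></g></svg>');
 break;
-case 'galactica.svg' : fn('<svg><g id="galactica"></g></svg>');
-break;
 case 'image:android' : fn('');
 break;
 default :
@@ -272,17 +264,10 @@ describe('MdIcon directive', function() {
 $sce = _$sce_;
 }));
 
-it('should mark as trusted static URLs', function() {
-el = make('<md-icon md-svg-src="galactica.svg"></md-icon>');
-expect(wasLastSvgSrcTrusted).toBe(true);
-expect(el[0].innerHTML).toContain('galactica')
-});
-
 it('should update mdSvgSrc when attribute value changes', function() {
 $scope.url = 'android.svg';
 el = make('<md-icon md-svg-src="{{ url }}"></md-icon>');
 expect(el.attr('md-svg-src')).toEqual('android.svg');
-expect(wasLastSvgSrcTrusted).toBe(false);
 $scope.url = 'cake.svg';
 $scope.$digest();
 expect(el.attr('md-svg-src')).toEqual('cake.svg');
@@ -397,9 +382,8 @@ describe('MdIcon service', function() {
 $mdIconProvider
 .icon('android' , 'android.svg')
 .icon('c2' , 'c2.svg')
-.icon('notInTemplateCache', 'http://example.com/not-in-template-cache.svg')
-.iconSet('social' , 'social.svg')
-.iconSet('emptyIconSet' , 'emptyGroup.svg')
+.iconSet('social' , 'social.svg' )
+.iconSet('emptyIconSet' , 'emptyGroup.svg' )
 .defaultIconSet('core.svg');
 
 $mdIconProvider.icon('missingIcon', 'notfoundicon.svg');
@@ -478,22 +462,6 @@ describe('MdIcon service', function() {
 
 $scope.$digest();
 });
-
-it('should treat urls given to the provider as trusted', function() {
-$httpBackend.whenGET('http://example.com/not-in-template-cache.svg').respond('');
-
-// For this first icon, we simply expect that this does *not* throw an error,
-// since registering it with the provider should mark the URL as explicity trusted.
-$mdIcon('notInTemplateCache');
-$scope.$apply();
-
-// For this second icon, we expect it to throw an untrusted error because it was not
-// registered to the provider.
-expect(function() {
-$mdIcon('http://example.com/not-configured-in-provider.svg');
-$scope.$apply();
-}).toThrowError(/\[\$sce:insecurl\]/);
-});
 });
 
 describe('$mdIcon() is passed a URL', function() {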
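Review bot: Deleting the whole 'should treat urls given to the provider as trusted' test in the last hunk also drops the only visible assertion that `$mdIcon('http://example.com/not-configured-in-provider.svg')` is rejected with `$sce:insecurl`. That negative case presumably still holds after this commit, because the URL now reaches the loader as a plain untrusted string, so it is worth keeping as its own test, for example `it('should reject icon URLs that $sce does not trust', ...)` around the existing `expect(...).toThrowError(/\[\$sce:insecurl\]/)` body. Other tests in this spec may already cover it, since the describe blocks continue outside the hunks. The two re-added `.iconSet(...)` lines appear to change only the spacing before `)` and could be left untouched.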

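--- a/src/components/icon/js/iconDirective.js
+++ b/src/components/icon/js/iconDirective.js
@@ -221,13 +221,6 @@ function mdIconDirective($mdIcon, $mdTheming, $mdAria, $sce) {
 if (attrName) {
 // Use either pre-configured SVG or URL source, respectively.
 attr.$observe(attrName, function(attrVal) {
-
-// If using svg-src and the value is static (i.e., is exactly equal to the compile-time
-// `md-svg-src` value), then it is implicitly trusted.
-if (!isInlineSvg(attrVal) && attrVal === originalSvgSrc) {
-attrVal = $sce.trustAsResourceUrl(attrVal);
-}
-
 element.empty();
 if (attrVal) {
 $mdIcon(attrVal)
@@ -281,14 +274,4 @@ function mdIconDirective($mdIcon, $mdTheming, $mdAria, $sce) {
 }
 }
 }
-
-/**
-* Gets whether the given svg src is an inline ("data:" style) SVG.
-* @param {string} svgSrc The svg src.
-* @returns {boolean} Whether the src is an inline SVG.
-*/
-function isInlineSvg(svgSrc) {
-var dataUrlRegex = /^data:image\/svg\+xml[\s*;\w\-\=]*?(base64)?,(.*)$/i;
-return dataUrlRegex.test(svgSrc);
-}
 }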

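--- a/src/components/icon/js/iconService.js
+++ b/src/components/icon/js/iconService.js
@@ -276,19 +276,13 @@
 *
 */
 
-
-/**
-* The configuration for $mdIconProvider. This contains both options for the icon service
-* and acts as a map of iconName -> ConfigurationItem (configuration for a single icon).
-*/
-var config;
+var config = {
+defaultViewBoxSize: 24,
+defaultFontSet: 'material-icons',
+fontSets: []
+};
 
 function MdIconProvider() {
-config = {
-defaultViewBoxSize: 24,
-defaultFontSet: 'material-icons',
-fontSets: []
-};
 }
 
 MdIconProvider.prototype = {
@@ -410,16 +404,6 @@ function MdIconService(config, $templateRequest, $q, $log, $mdUtil, $sce) {
 var svgCache = {};
 var urlRegex = /[-\w@:%\+.~#?&//=]{2,}\.[a-z]{2,4}\b(\/[-\w@:%\+.~#?&//=]*)?/i;
 var dataUrlRegex = /^data:image\/svg\+xml[\s*;\w\-\=]*?(base64)?,(.*)$/i;
-var configUrls = new Set();
-
-// Implicity trust all the icon URLs given to MdIconProvider because they are set during
-// Angular's "config" phase, during which the application is not yet in a state where
-// user-provided values are generally available.
-angular.forEach(config, function(configItem) {
-if (angular.isString(configItem.url)) {
-configUrls.add(configItem.url);
-}
-});
 
 Icon.prototype = {clone: cloneSVG, prepare: prepareAndStyle};
 getIcon.fontSet = findRegisteredFontSet;
@@ -570,10 +554,6 @@ function MdIconService(config, $templateRequest, $q, $log, $mdUtil, $sce) {
 resolve(svgCache[url]);
 };
 
-if (configUrls.has(url)) {
-url = $sce.trustAsResourceUrl(url);
-}
-
 $templateRequest(url, true).then(extractSvg, announceAndReject);
 });
 }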
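Review bot: Initialising `config` once at file scope (the added `var config = { ... };` in the first hunk) while leaving `MdIconProvider()` empty means the object is no longer reset each time a provider is constructed. The removed comment describes `config` as also being the iconName -> ConfigurationItem map, so icon and icon-set URLs registered in one injector would presumably remain visible to every later injector on the page, such as a second app or the next unit test. If that sharing is not intended, keep the assignment inside the constructor and restore a short comment saying what `config` holds. Because provider-registered URLs no longer pass through `$sce.trustAsResourceUrl` (last hunk), the provider docs should also state that cross-origin icon URLs have to be allowed through the application's `$sceDelegateProvider` resource URL list. The provider methods themselves lie outside the hunks, so the sharing concern is inferred from the removed comment.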
