Uploaded image for project: 'Moodle app'
  1. Moodle app
  2. MOBILE-1177

Our $compileProvider href sanitization rule overrides Ionic's

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2
    • Fix Version/s: 2.2
    • Component/s: Libraries, Security
    • Labels:
    • Testing Instructions:
      Hide
      1. Install the app on an Android device.
      2. Check that geo:// protocol is still working (participant address).
      3. Additionally, you could call $compileProvider.aHrefSanitizationWhitelist() to check that the list contains all the Ionic protocols along with geo://.
      Show
      Install the app on an Android device. Check that geo:// protocol is still working (participant address). Additionally, you could call $compileProvider.aHrefSanitizationWhitelist() to check that the list contains all the Ionic protocols along with geo://.
    • Affected Branches:
      MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE

      Description

      See ionic.bundle.js:44151

      // Fix for URLs in Cordova apps on Windows Phone
      // http://blogs.msdn.com/b/msdn_answers/archive/2015/02/10/
      // running-cordova-apps-on-windows-and-windows-phone-8-1-using-ionic-angularjs-and-other-frameworks.aspx
      .config(['$compileProvider', function($compileProvider) {
        $compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|tel|ftp|mailto|file|ghttps?|ms-appx|x-wmapp0):/);
        $compileProvider.imgSrcSanitizationWhitelist(/^\s*(https?|ftp|file|content|blob|ms-appx|x-wmapp0):|data:image\//);
      }]);
      

      Assuming there are no race conditions, we would override the config value set by Ionic without notice.

        Attachments

          Activity

            People

            Assignee:
            dpalou Dani Palou
            Reporter:
            fred Frédéric Massart
            Peer reviewer:
            Frédéric Massart
            Integrator:
            Juan Leyva
            Tester:
            Juan Leyva
            Participants:
            Component watchers:
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              10/Sep/15