Sp trusted

bower.json

@@ -1,10 +1,11 @@
 {
-    "name": "SpectingularJS",
-    "version": "0.0.0",
-    "devDependencies": {
-        "angular": "~1.2.16",
-        "angular-mocks": "~1.2.16",
-        "bootstrap": "~3.1.1",
-        "jasmine-jquery": "~2.0.3"
+  "name": "SpectingularJS",
+  "version": "0.0.0",
+  "devDependencies": {
+    "angular": "~1.2.16",
+    "angular-sanitize": "~1.2.16",
+    "angular-mocks": "~1.2.16",
+    "bootstrap": "~3.1.1",
+    "jasmine-jquery": "~2.0.3"
     }
 }

config/karma.conf.js

@@ -5,6 +5,7 @@ module.exports = function (config) {
             files: [
                 'bower_components/jquery/dist/jquery.min.js',
                 'bower_components/angular/angular.min.js',
+                'bower_components/angular-sanitize/angular-sanitize.min.js',
                 'bower_components/angular-mocks/angular-mocks.js',
                 'src/sp/**/sp.js',
                 'src/sp/**/*.js',

src/sp/utility/spTrusted.js

@@ -0,0 +1,35 @@
+'use strict';
+
+/**
+ * @ngdoc filter
+ * @name sp.utility.filter:spTrusted
+ *
+ * @description
+ * Filter for trusting html.
+ *
+ * @example
+ <example module="spTrustedExample">
+    <file name="index.html">
+       <div ng-controller="ctrl">
+          <h3>trusted</h3>
+          <div ng-bind-html="snippet | spTrusted"></div>
+          <h3>untrusted</h3>
+          <div ng-bind-html="snippet"></div>
+       </div>
+    </file>
+
+    <file name="scripts.js">
+       angular.module('spTrustedExample', ['sp.utility']).
+          controller('ctrl', function($scope) {
+             $scope.snippet = '<p style="color:blue">an html\n<em onmouseover="this.textContent=\'PWN3D!\'">hover</em>\nsnippet</p>';
+          });
+ </file>
+ </example>
+ **/
+
+angular.module('sp.utility')
+    .filter('spTrusted', ['$sce', function ($sce) {
+        return function (text) {
+            return $sce.trustAsHtml(text);
+        };
+    }]);

test/mocks/sp/i18n/spPropertiesMock.js

@@ -1,4 +1,4 @@
-var mocks = {
+var spPropertiesMocks = {
     locales: {
         enUs: 'en-us',
         nlNl: 'nl-nl',
@@ -29,5 +29,5 @@ var mocks = {
 };
 
 module.exports = {
-    mocks: mocks
+    spPropertiesMocks: spPropertiesMocks
 };

test/mocks/sp/utility/spTrustedMock.js

@@ -0,0 +1,9 @@
+var spTrustedMocks = {
+    snippet: '<p style="color:blue">an html\n<em onmouseover="this.textContent=\'PWN3D!\'">hover</em>\nsnippet</p>',
+    unsafe: 'this.textContent=\'PWN3D!\'',
+    safe: ''
+};
+
+module.exports = {
+    spTrustedMocks: spTrustedMocks
+};

test/protractor/sp/i18n/spProperties.html

@@ -13,17 +13,17 @@
     <script type="text/javascript">
         angular.module("spProperties", ['sp.i18n']).
                 config(function (spPropertiesProvider) {
-                    spPropertiesProvider.add('identifier', mocks.properties.enUs, mocks.locales.enUs);
-                    spPropertiesProvider.add('identifier', mocks.properties.nlNl, mocks.locales.nlNl);
-                    spPropertiesProvider.add('identifier', mocks.properties.de, mocks.locales.de);
+                    spPropertiesProvider.add('identifier', spPropertiesMocks.properties.enUs, spPropertiesMocks.locales.enUs);
+                    spPropertiesProvider.add('identifier', spPropertiesMocks.properties.nlNl, spPropertiesMocks.locales.nlNl);
+                    spPropertiesProvider.add('identifier', spPropertiesMocks.properties.de, spPropertiesMocks.locales.de);
                 }).
                 controller('ctrl', ['$scope', 'spProperties', function ($scope, spProperties) {
-                    $scope.enUsProperties = spProperties.properties('identifier', mocks.locales.enUs);
-                    $scope.enUsProperty = spProperties.property('identifier', 'KEY_0001', mocks.locales.enUs);
-                    $scope.nlNlProperties = spProperties.properties('identifier', mocks.locales.nlNl);
-                    $scope.nlNlProperty = spProperties.property('identifier', 'KEY_0001', mocks.locales.nlNl);
-                    $scope.deProperties = spProperties.properties('identifier', mocks.locales.de);
-                    $scope.deProperty = spProperties.property('identifier', 'KEY_0001', mocks.locales.de);
+                    $scope.enUsProperties = spProperties.properties('identifier', spPropertiesMocks.locales.enUs);
+                    $scope.enUsProperty = spProperties.property('identifier', 'KEY_0001', spPropertiesMocks.locales.enUs);
+                    $scope.nlNlProperties = spProperties.properties('identifier', spPropertiesMocks.locales.nlNl);
+                    $scope.nlNlProperty = spProperties.property('identifier', 'KEY_0001', spPropertiesMocks.locales.nlNl);
+                    $scope.deProperties = spProperties.properties('identifier', spPropertiesMocks.locales.de);
+                    $scope.deProperty = spProperties.property('identifier', 'KEY_0001', spPropertiesMocks.locales.de);
                 }]);
     </script>
 </head>

test/protractor/sp/i18n/spPropertiesSpec.js

@@ -1,5 +1,5 @@
 'use strict';
-var mocks = require('../../../mocks/sp/i18n/spPropertiesMock').mocks;
+var mocks = require('../../../mocks/sp/i18n/spPropertiesMock').spPropertiesMocks;
 
 describe('spProperties', function () {
     beforeEach(function() {

test/protractor/sp/utility/spTrusted.html

@@ -0,0 +1,28 @@
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <title>spTrusted Spec</title>
+    <script src="/bower_components/jquery/dist/jquery.min.js"></script>
+    <script src="/bower_components/angular/angular.js"></script>
+    <script src="/bower_components/angular-sanitize/angular-sanitize.js"></script>
+    <script src="/src/sp/sp.js"></script>
+    <script src="/src/sp/utility/spTrusted.js"></script>
+
+    <script type="text/javascript">
+        angular.module("spTrusted", ['sp.utility']).
+                controller('ctrl', ['$scope', function ($scope) {
+                    $scope.snippet = '<p style="color:blue">an html\n<em onmouseover="this.textContent=\'PWN3D!\'">hover</em>\nsnippet</p>';
+                }]);
+    </script>
+</head>
+<body ng-app="spTrusted">
+<div ng-controller="ctrl">
+    trusted:<br/>
+    <div id="trusted" ng-bind-html="snippet | spTrusted"></div><br/>
+
+    untrusted:<br/>
+    <div id="untrusted" ng-bind-html="snippet"></div><br/>
+</div>
+</body>
+</html>

test/protractor/sp/utility/spTrustedSpec.js

@@ -0,0 +1,17 @@
+'use strict';
+
+var mocks = require('../../../mocks/sp/utility/spTrustedMock').spTrustedMocks;
+
+describe('spTrusted filter', function () {
+    beforeEach(function () {
+        browser.get('/test/protractor/sp/utility/spTrusted.html');
+    });
+
+    it('should trust unsafe html', function () {
+        expect(element(by.id('trusted')).element(by.tagName('em')).getAttribute('onmouseover')).toEqual(mocks.unsafe);
+    });
+
+    it('should not trust unsafe html', function () {
+        expect(element(by.id('untrusted')).getInnerHtml()).toEqual(mocks.safe);
+    });
+});

test/unit/sp/i18n/spPropertiesSpec.js

@@ -6,27 +6,27 @@ describe('properties', function () {
 
     angular.module("prop1", ['sp.i18n']).
         config(function (spPropertiesProvider) {
-            spPropertiesProvider.add('identifier1', mocks.properties.enUs, mocks.locales.enUs);
-            spPropertiesProvider.add('identifier1', mocks.properties.nlNl, mocks.locales.nlNl);
+            spPropertiesProvider.add('identifier1', spPropertiesMocks.properties.enUs, spPropertiesMocks.locales.enUs);
+            spPropertiesProvider.add('identifier1', spPropertiesMocks.properties.nlNl, spPropertiesMocks.locales.nlNl);
         });
 
     angular.module("prop2", ['sp.i18n']).
         config(function (spPropertiesProvider) {
-            spPropertiesProvider.add('identifier2', mocks.properties.de, mocks.locales.de);
+            spPropertiesProvider.add('identifier2', spPropertiesMocks.properties.de, spPropertiesMocks.locales.de);
         });
 
     angular.module("prop3", ['sp.i18n']).
         config(function (spPropertiesProvider) {
-            spPropertiesProvider.add('identifier3', mocks.properties.enUs, mocks.locales.enUs);
-            spPropertiesProvider.add('identifier3', mocks.properties.nlNl, mocks.locales.nlNl);
-            spPropertiesProvider.add('identifier3', mocks.properties.de, mocks.locales.de);
+            spPropertiesProvider.add('identifier3', spPropertiesMocks.properties.enUs, spPropertiesMocks.locales.enUs);
+            spPropertiesProvider.add('identifier3', spPropertiesMocks.properties.nlNl, spPropertiesMocks.locales.nlNl);
+            spPropertiesProvider.add('identifier3', spPropertiesMocks.properties.de, spPropertiesMocks.locales.de);
         });
 
     angular.module("prop", ['prop1', 'prop2', 'prop3']).
         config(function (spPropertiesProvider) {
-            spPropertiesProvider.add('identifier3', {'KEY_0003': mocks.overrides.enUs}, mocks.locales.enUs);
-            spPropertiesProvider.add('identifier3', {'KEY_0003': mocks.overrides.nlNl}, mocks.locales.nlNl);
-            spPropertiesProvider.add('identifier3', {'KEY_0003': mocks.overrides.de}, mocks.locales.de);
+            spPropertiesProvider.add('identifier3', {'KEY_0003': spPropertiesMocks.overrides.enUs}, spPropertiesMocks.locales.enUs);
+            spPropertiesProvider.add('identifier3', {'KEY_0003': spPropertiesMocks.overrides.nlNl}, spPropertiesMocks.locales.nlNl);
+            spPropertiesProvider.add('identifier3', {'KEY_0003': spPropertiesMocks.overrides.de}, spPropertiesMocks.locales.de);
         });
 
     beforeEach(function () {
@@ -37,28 +37,28 @@ describe('properties', function () {
     });
 
     it('should be fetched for the given identifier and locale', function () {
-        expect(service.properties('identifier1', mocks.locales.enUs)).toEqual(mocks.properties.enUs);
-        expect(service.properties('identifier1', mocks.locales.nlNl)).toEqual(mocks.properties.nlNl);
-        expect(service.properties('identifier2', mocks.locales.de)).toEqual(mocks.properties.de);
+        expect(service.properties('identifier1', spPropertiesMocks.locales.enUs)).toEqual(spPropertiesMocks.properties.enUs);
+        expect(service.properties('identifier1', spPropertiesMocks.locales.nlNl)).toEqual(spPropertiesMocks.properties.nlNl);
+        expect(service.properties('identifier2', spPropertiesMocks.locales.de)).toEqual(spPropertiesMocks.properties.de);
     });
     it('should be fetched for the given identifier and locale but not match as they are overridden', function () {
-        expect(service.properties('identifier3', mocks.locales.enUs)).not.toEqual(mocks.properties.enUs);
-        expect(service.properties('identifier3', mocks.locales.nlNl)).not.toEqual(mocks.properties.nlNl)
-        expect(service.properties('identifier3', mocks.locales.de)).not.toEqual(mocks.properties.de)
+        expect(service.properties('identifier3', spPropertiesMocks.locales.enUs)).not.toEqual(spPropertiesMocks.properties.enUs);
+        expect(service.properties('identifier3', spPropertiesMocks.locales.nlNl)).not.toEqual(spPropertiesMocks.properties.nlNl)
+        expect(service.properties('identifier3', spPropertiesMocks.locales.de)).not.toEqual(spPropertiesMocks.properties.de)
     });
     it('should be fetched for the given identifier, key and locale', function () {
-        expect(service.property('identifier1', 'KEY_0001', mocks.locales.enUs)).toEqual('one');
-        expect(service.property('identifier1', 'KEY_0001', mocks.locales.nlNl)).toEqual('één');
-        expect(service.property('identifier2', 'KEY_0001', mocks.locales.de)).toEqual('eins');
+        expect(service.property('identifier1', 'KEY_0001', spPropertiesMocks.locales.enUs)).toEqual('one');
+        expect(service.property('identifier1', 'KEY_0001', spPropertiesMocks.locales.nlNl)).toEqual('één');
+        expect(service.property('identifier2', 'KEY_0001', spPropertiesMocks.locales.de)).toEqual('eins');
     });
     it('should be fetched for the given identifier, key and locale but match the overridden values', function () {
-        expect(service.property('identifier3', 'KEY_0003', mocks.locales.enUs)).toEqual('override');
-        expect(service.property('identifier3', 'KEY_0003', mocks.locales.nlNl)).toEqual('overschrijven');
-        expect(service.property('identifier3', 'KEY_0003', mocks.locales.de)).toEqual('überschreiben');
+        expect(service.property('identifier3', 'KEY_0003', spPropertiesMocks.locales.enUs)).toEqual('override');
+        expect(service.property('identifier3', 'KEY_0003', spPropertiesMocks.locales.nlNl)).toEqual('overschrijven');
+        expect(service.property('identifier3', 'KEY_0003', spPropertiesMocks.locales.de)).toEqual('überschreiben');
     });
     it('should give undefined for undefined entries', function () {
-        expect(service.property('identifier', 'KEY_0001', mocks.locales.enUs)).toBeUndefined();
-        expect(service.property('identifier1', 'KEY', mocks.locales.enUs)).toBeUndefined();
+        expect(service.property('identifier', 'KEY_0001', spPropertiesMocks.locales.enUs)).toBeUndefined();
+        expect(service.property('identifier1', 'KEY', spPropertiesMocks.locales.enUs)).toBeUndefined();
         expect(service.property('identifier1', 'KEY_0001', "--")).toBeUndefined();
     })
 });

test/unit/sp/utility/spTrustedSpec.js

@@ -0,0 +1,23 @@
+'use strict';
+
+describe('spTrusted filter', function () {
+    var snippet = '<p style="color:blue">an html\n<em onmouseover="this.textContent=\'PWN3D!\'">hover</em>\nsnippet</p>';
+    var element, scope;
+
+    beforeEach(function() {
+        module('sp.utility');
+        inject(function($rootScope, $compile) {
+            scope = $rootScope;
+            element = angular.element(
+                '<div ng-bind-html="snippet | spTrusted"></div>'
+            );
+            scope.snippet = snippet;
+            $compile(element)(scope);
+            scope.$digest();
+        })
+    });
+
+    it('should trust html', function () {
+        expect(element.html()).toEqual(snippet);
+    });
+});