fix($sce): make trustAs watchable #4045
Conversation
|
Thanks for the PR!
If you need to make changes to your pull request, you can update the commit with Thanks again for your help! |
|
CLA signed as Rodric Haddad |
|
Can you squash your commits? |
|
@btford like that? |
|
Yes, thanks. @chirayuk, can you please look at this? Does it seem reasonable? |
ghost
assigned 
|
I'll take a look at it tonight. Thanks @btford |
|
tl;dr: I understand the problem and will think about it tomorrow and commit a fix. I just took a quick look at this PR now.
The way I was hoping it would be used to is that one would have a watcher on the raw value and when that changed, you'd generate the ps: As to the solution in this PR – it's one way to go. (However, sadly, the cache grows unbounded. In addition, the check to ensure that the input is a string should be moved up since the new code bypasses that check.) |
|
I'm not ready to add an unbounded no-eviction cache to trustAs just yet. For now, I've committed a fix that should solve the problem of using this with |
|
FYI – the fix I referred to is in e2068ad |
Nope. |
Ref: angular#4045 I have this sinking feeling that support this use case sort of encourages binding to function that blindly trust some html. For now, I'm fixing the issue while I think about the use cases some more. In the case of a function that performs any non-trivial work before wrapping the value (e.g. the showdown filter in issue angular#3980, or the binding to a simply wrapper function in issue angular#3932 if it did anything meaty), this fix makes it "work" - but performance is going to suck - you should bind to some other thing on scope that watches the actual source and adjusts itself when that changes (e.g. the showdown filter.) For the case of the wrapper in angular#3932, if one isn't performing sanitization or some such thing - then you the developer has insight into why that value is safe in that particular context - and it should be available simply by name and not as a result of a function taking any arbitrary input to make auditing of security a little saner. Closes angular#3932, angular#3980
Ref: angular/angular.js#4045 I have this sinking feeling that support this use case sort of encourages binding to function that blindly trust some html. For now, I'm fixing the issue while I think about the use cases some more. In the case of a function that performs any non-trivial work before wrapping the value (e.g. the showdown filter in issue #3980, or the binding to a simply wrapper function in issue #3932 if it did anything meaty), this fix makes it "work" - but performance is going to suck - you should bind to some other thing on scope that watches the actual source and adjusts itself when that changes (e.g. the showdown filter.) For the case of the wrapper in #3932, if one isn't performing sanitization or some such thing - then you the developer has insight into why that value is safe in that particular context - and it should be available simply by name and not as a result of a function taking any arbitrary input to make auditing of security a little saner. Closes #3932, #3980
068d861 made changes to ngBindHtml, making it watch
attr.ngBindHtmlinstead of$sce.parseAsHtml(attr.ngBindHtml). (landed in 1.2.0rc2)Since the
attr.ngBindHtmlexpressions returned the result of calling$sce.trustAs, we would get a[$rootScope:infdig]error (#3932, #3980), because.trustAsalways returns a new object.This PR solves the problem by caching the trustedValues returned by
$sce.trustAs