*
* Shoutout to Angular 7 https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts
*/
-const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^#&/:?]*(?:[#/?]|$))/gi
+const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^#&/:?]*(?:[#/?]|$))/i
/**
* A pattern that matches safe data URLs. Only matches image, video and audio types.
assert.strictEqual(tooltip.hasClass('a b'), true)
assert.strictEqual(tooltip.hasClass('tooltip fade bs-tooltip-top show'), true)
})
+
+ QUnit.test('HTML content can be passed through sanitation multiple times', function (assert) {
+ assert.expect(2)
+
+ // Add the same tooltip twice, so the template will be sanitized twice as well.
+ for (var i = 0; i <= 1; i++) {
+ $('<a href="#" rel="tooltip" data-trigger="click" title="<img src=\'test.jpg\'>" />')
+ .appendTo('#qunit-fixture')
+ .bootstrapTooltip({
+ html: true
+ })
+ .bootstrapTooltip('show')
+ }
+
+ var tooltip1Image = $('.tooltip:first img')
+ var tooltip2Image = $('.tooltip:last img')
+
+ assert.strictEqual(tooltip1Image.attr('src'), 'test.jpg')
+ assert.strictEqual(tooltip2Image.attr('src'), 'test.jpg')
+ })
})
projects / thirdparty / bootstrap.git / commitdiff
