github/meteor
1
1
Fork 0
mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00
Code Issues Packages Projects Releases Wiki Activity

Avoid relying on HTMLAnchorElement.protocol; browser support not clear.

Browse Source 
Also avoid url.format, since we don't actually need server-side URL
normalization yet and it's not clear what, if any, normalization
url.format does.
This commit is contained in:
Emily Stark
2014-04-21 22:11:02 -07:00
parent 775ff19345
commit c445b57134
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
packages/ui/attrs.js
View File

@@ -205,13 +205,12 @@ if (Meteor.isClient) {
var anchorForNormalization = document.createElement('A');
}
var getProtocol = function (url) {
var normalizeUrl = function (url) {
if (Meteor.isClient) {
anchorForNormalization.href = url;
return anchorForNormalization.protocol;
return anchorForNormalization.href;
} else {
var parsed = Npm.require('url').parse(url);
return parsed.protocol;
throw new Error('normalizeUrl not implemented on the server');
}
};
@@ -233,7 +232,8 @@ var UrlHandler = AttributeHandler.extend({
if (UI._javascriptUrlsAllowed()) {
origUpdate.apply(self, args);
} else {
var isJavascriptProtocol = (getProtocol(value) === 'javascript:');
var isJavascriptProtocol =
(normalizeUrl(value).indexOf('javascript:') === 0);
if (isJavascriptProtocol) {
Meteor._debug("javascript: URLs are not allowed. " +
"Use UI._allowJavascriptUrls() to enable them.");