AngularJS API Referenceautoauto/serviceauto/service/$injectorauto/service/$providengng/directiveng/directive/ang/directive/formng/directive/inputng/directive/input[checkbox]ng/directive/input[date]ng/directive/input[dateTimeLocal]ng/directive/input[email]ng/directive/input[month]ng/directive/input[number]ng/directive/input[radio]ng/directive/input[text]ng/directive/input[time]ng/directive/input[url]ng/directive/input[week]ng/directive/ngAppng/directive/ngBindng/directive/ngBindHtmlng/directive/ngBindTemplateng/directive/ngBlurng/directive/ngChangeng/directive/ngCheckedng/directive/ngClassng/directive/ngClassEvenng/directive/ngClassOddng/directive/ngClickng/directive/ngCloakng/directive/ngControllerng/directive/ngCopyng/directive/ngCspng/directive/ngCutng/directive/ngDblclickng/directive/ngDisabledng/directive/ngFocusng/directive/ngFormng/directive/ngHideng/directive/ngHrefng/directive/ngIfng/directive/ngIncludeng/directive/ngInitng/directive/ngKeydownng/directive/ngKeypressng/directive/ngKeyupng/directive/ngListng/directive/ngModelng/directive/ngModelOptionsng/directive/ngMousedownng/directive/ngMouseenterng/directive/ngMouseleaveng/directive/ngMousemoveng/directive/ngMouseoverng/directive/ngMouseupng/directive/ngNonBindableng/directive/ngOpenng/directive/ngPasteng/directive/ngPluralizeng/directive/ngReadonlyng/directive/ngRepeatng/directive/ngSelectedng/directive/ngShowng/directive/ngSrcng/directive/ngSrcsetng/directive/ngStyleng/directive/ngSubmitng/directive/ngSwitchng/directive/ngTranscludeng/directive/ngValueng/directive/scriptng/directive/selectng/directive/textareang/filterng/filter/currencyng/filter/dateng/filter/filterng/filter/jsonng/filter/limitTong/filter/lowercaseng/filter/numberng/filter/orderByng/filter/uppercaseng/functionng/function/angular.bindng/function/angular.bootstrapng/function/angular.copyng/function/angular.elementng/function/angular.equalsng/function/angular.extendng/function/angular.forEachng/function/angular.fromJsonng/function/angular.identityng/function/angular.injectorng/function/angular.isArrayng/function/angular.isDateng/function/angular.isDefinedng/function/angular.isElementng/function/angular.isFunctionng/function/angular.isNumberng/function/angular.isObjectng/function/angular.isStringng/function/angular.isUndefinedng/function/angular.lowercaseng/function/angular.moduleng/function/angular.noopng/function/angular.toJsonng/function/angular.uppercaseng/objectng/object/angular.versionng/providerng/provider/$animateProviderng/provider/$compileProviderng/provider/$controllerProviderng/provider/$filterProviderng/provider/$httpProviderng/provider/$interpolateProviderng/provider/$locationProviderng/provider/$logProviderng/provider/$parseProviderng/provider/$rootScopeProviderng/provider/$sceDelegateProviderng/provider/$sceProviderng/serviceng/service/$anchorScrollng/service/$animateng/service/$cacheFactoryng/service/$compileng/service/$controllerng/service/$documentng/service/$exceptionHandlerng/service/$filterng/service/$httpng/service/$httpBackendng/service/$interpolateng/service/$intervalng/service/$localeng/service/$locationng/service/$logng/service/$parseng/service/$qng/service/$rootElementng/service/$rootScopeng/service/$sceng/service/$sceDelegateng/service/$templateCacheng/service/$timeoutng/service/$windowng/typeng/type/$cacheFactory.Cacheng/type/$compile.directive.Attributesng/type/$rootScope.Scopeng/type/angular.Moduleng/type/form.FormControllerng/type/ngModel.NgModelControllerngAnimatengAnimate/providerngAnimate/provider/$animateProviderngAnimate/servicengAnimate/service/$animatengCookiesngCookies/servicengCookies/service/$cookiesngCookies/service/$cookieStorengMessagesngMessages/directivengMessages/directive/ngMessagengMessages/directive/ngMessagesngMockngMock/functionngMock/function/angular.mock.dumpngMock/function/angular.mock.injectngMock/function/angular.mock.modulengMock/objectngMock/object/angular.mockngMock/providerngMock/provider/$exceptionHandlerProviderngMock/servicengMock/service/$exceptionHandlerngMock/service/$httpBackendngMock/service/$intervalngMock/service/$logngMock/service/$timeoutngMock/typengMock/type/angular.mock.TzDatengMockE2EngMockE2E/servicengMockE2E/service/$httpBackendngResourcengResource/servicengResource/service/$resourcengRoutengRoute/directivengRoute/directive/ngViewngRoute/providerngRoute/provider/$routeProviderngRoute/servicengRoute/service/$routengRoute/service/$routeParamsngSanitizengSanitize/filterngSanitize/filter/linkyngSanitize/servicengSanitize/service/$sanitizengTouchngTouch/directivengTouch/directive/ngClickngTouch/directive/ngSwipeLeftngTouch/directive/ngSwipeRightngTouch/servicengTouch/service/$swipe
©
本文档使用
php.cn手册 发布
文字
AngularJS: API: ng/provider/$sceDelegateProvider
$sceDelegateProvider
- - $sceDelegate
- - provider in module ng
$sceDelegateProvider提供者允许开发者配置$sceDelegate服务。它允许一个get/set 白名单和黑名单用于确保使用的获取Angular模板的URL是安全的。参见$sceDelegateProvider.resourceUrlWhitelist 和
$sceDelegateProvider.resourceUrlBlacklist
对于这个服务在Angular中的一些细节,请阅读Strict Contextual Escaping (SCE)。
示例: 考虑以下情况
- 你的应用的url主机地址为
http://myapp.example.com/ - 但是你的一些模板存在其它域上,如
http://srv01.assets.example.com/,http://srv02.assets.example.com/等。 - 并且你有一个开放的重定向
http://myapp.example.com/clickThru?...。
这种情况下的安全配置可能看起来像:
angular.module('myApp', []).config(Function($sceDelegateProvider) {
$sceDelegateProvider.resourceUrlWhitelist([
// 允许相同来源资源载入。
'self',
// 允许从我们的assets域加载。注意 * 和 **之间的不同。
'http://srv*.assets.example.com/**'
]);
// 黑名单覆盖白名单,这样开放重定向在这会被阻止。
$sceDelegateProvider.resourceUrlBlacklist([
'http://myapp.example.com/clickThru**'
]);
});方法
-
resourceUrlWhitelist([whitelist]);Sets/Gets 信任资源URL们的白名单。
参数
参数 类型 详述 whitelist (可选)Array 当提供时,使用给出的值替换resourceUrlWhitelist。它必须是一个数组或null。这里会使用该数组的快照,所以数组未来的变化被忽略。
注意: 一个空的白名单数组会阻止所有URL!返回值
Array 当前设置的白名单数组。
没有白名单时的默认值被简单设为
['self'],只允许相同来源的资源请求。 -
resourceUrlBlacklist([blacklist]);Sets/Gets 信任资源URL们的黑名单。
参数
参数 类型 详述 blacklist (可选)Array 当提供时,使用给出的值替换resourceUrlBlacklist。它必须是一个数组或null。这里会使用该数组的快照,所以数组未来的变化被忽略。
黑名单典型的用法是用**阻止开放重定向(http://cwe.mitre.org/data/definitions/601.html)。 使用**处理您域中这些原本被信任的但实际上返回重定向域的内容。 最后,正如我们之前所说的黑名单会覆盖白名单。返回值
Array 当前设置的黑名单数组。
没有白名单时的默认值被简单设为空数组(表示这里没有黑名单)。