fix($compile): Bump track src from URL to RESOURCE_URL.

rjamet · Narretz · commit 02ce357f4757 · 2016-08-17T22:20:14.000+02:00
Track files might contain CSS, and haven't been around for long. Keeping the
high security context as a precaution is justified.
diff --git a/src/ng/compile.js b/src/ng/compile.js
@@ -3152,9 +3152,10 @@ function $CompileProvider($provide, $$sanitizeUriProvider) {
       }
       var tag = nodeName_(node);
       // All tags with src attributes require a RESOURCE_URL value, except for
-      // img and various html5 media tags.
+      // img and various html5 media tags. Note that track src allows files
+      // containing CSS, so leave that to RESOURCE_URL level.
       if (attrNormalizedName === 'src' || attrNormalizedName === 'ngSrc') {
-        if (['img', 'video', 'audio', 'track'].indexOf(tag) === -1) {
+        if (['img', 'video', 'audio'].indexOf(tag) === -1) {
           return $sce.RESOURCE_URL;
         }
       // maction[xlink:href] can source SVG.  It's not limited to <maction>.

Original file line number	Diff line number	Diff line change
`@@ -3152,9 +3152,10 @@ function $CompileProvider($provide, $$sanitizeUriProvider) {`
`3152`	`3152`	`}`
`3153`	`3153`	`var tag = nodeName_(node);`
`3154`	`3154`	`// All tags with src attributes require a RESOURCE_URL value, except for`
`3155`		`- // img and various html5 media tags.`
	`3155`	`+ // img and various html5 media tags. Note that track src allows files`
	`3156`	`+ // containing CSS, so leave that to RESOURCE_URL level.`
`3156`	`3157`	`if (attrNormalizedName === 'src' \|\| attrNormalizedName === 'ngSrc') {`
`3157`		`- if (['img', 'video', 'audio', 'track'].indexOf(tag) === -1) {`
	`3158`	`+ if (['img', 'video', 'audio'].indexOf(tag) === -1) {`
`3158`	`3159`	`return $sce.RESOURCE_URL;`
`3159`	`3160`	`}`
`3160`	`3161`	`// maction[xlink:href] can source SVG. It's not limited to <maction>.`