SQUASH! minor refactoring of interpolate service

petebacondarwin · petebacondarwin · commit 84750b99fc86 · 2017-12-20T13:43:48.000Z
Deals with @jbedard's comments.
diff --git a/src/ng/interpolate.js b/src/ng/interpolate.js
@@ -119,10 +119,6 @@ function $InterpolateProvider() {
       return unwatch;
     }
 
-    function isConcatenationAllowed(context) {
-      return context === $sce.URL || context === $sce.MEDIA_URL;
-    }
-
     /**
      * @ngdoc service
      * @name $interpolate
@@ -260,13 +256,13 @@ function $InterpolateProvider() {
           endIndex,
           index = 0,
           expressions = [],
-          parseFns = [],
+          parseFns,
           textLength = text.length,
           exp,
           concat = [],
           expressionPositions = [],
-          singleExpression = false,
-          contextAllowsConcatenation = isConcatenationAllowed(trustedContext);
+          singleExpression,
+          contextAllowsConcatenation = trustedContext === $sce.URL || trustedContext === $sce.MEDIA_URL;
 
       while (index < textLength) {
         if (((startIndex = text.indexOf(startSymbol, index)) !== -1) &&
@@ -276,7 +272,6 @@ function $InterpolateProvider() {
           }
           exp = text.substring(startIndex + startSymbolLength, endIndex);
           expressions.push(exp);
-          parseFns.push($parse(exp, parseStringifyInterceptor));
           index = endIndex + endSymbolLength;
           expressionPositions.push(concat.length);
           concat.push(''); // Placeholder that will get replaced with the evaluated expression.
@@ -289,9 +284,10 @@ function $InterpolateProvider() {
         }
       }
 
-      if (concat.length === 1 && expressionPositions.length === 1) {
-        singleExpression = true;
-      }
+      singleExpression = concat.length === 1 && expressionPositions.length === 1;
+      parseFns = contextAllowsConcatenation && singleExpression ?
+                  [$parse(expressions[0])] :
+                  expressions.map(function(exp) { return $parse(exp, parseStringifyInterceptor); });
 
       // Concatenating expressions makes it hard to reason about whether some combination of
       // concatenated values are unsafe to use and could easily lead to XSS.  By requiring that a
@@ -314,32 +310,14 @@ function $InterpolateProvider() {
           }
 
           if (contextAllowsConcatenation) {
-            if (singleExpression) {
-              // The raw value was left as-is by parseStringifyInterceptor
-              return $sce.getTrusted(trustedContext, concat[0]);
-            } else {
-              return $sce.getTrusted(trustedContext, concat.join(''));
-            }
-          } else if (trustedContext) {
-            if (concat.length > 1) {
-              // there's at least two parts, so expr + string or exp + exp, and this context
-              // doesn't allow that.
-              $interpolateMinErr.throwNoconcat(text);
-            } else {
-              return concat.join('');
-            }
-          } else { // In an unprivileged context, just concatenate and return.
-            return concat.join('');
+            // If `singleExpression` then `concat[0]` might be a "trusted" value or `null`, rather than a string
+            return $sce.getTrusted(trustedContext, singleExpression ? concat[0] : concat.join(''));
+          } else if (trustedContext && concat.length > 1) {
+            // This context does not allow more than one part, e.g. expr + string or exp + exp.
+            $interpolateMinErr.throwNoconcat(text);
           }
-        };
-
-        var getValue = function(value) {
-          // In concatenable contexts, getTrusted comes at the end, to avoid sanitizing individual
-          // parts of a full URL. We don't care about losing the trustedness here, that's handled in
-          // parseStringifyInterceptor below.
-          return (trustedContext && !contextAllowsConcatenation) ?
-            $sce.getTrusted(trustedContext, value) :
-            $sce.valueOf(value);
+          // In an unprivileged context or only one part: just concatenate and return.
+          return concat.join('');
         };
 
         return extend(function interpolationFn(context) {
@@ -374,13 +352,14 @@ function $InterpolateProvider() {
 
       function parseStringifyInterceptor(value) {
         try {
-          if (contextAllowsConcatenation && singleExpression) {
-            // No stringification in this case, to keep the trusted value until unwrapping.
-            return value;
-          } else {
-            value = getValue(value);
-            return allOrNothing && !isDefined(value) ? value : stringify(value);
-          }
+          // In concatenable contexts, getTrusted comes at the end, to avoid sanitizing individual
+          // parts of a full URL. We don't care about losing the trustedness here.
+          // If non-concatenable contexts where there is only one expression then this interceptor
+          // is not applied to the expression.
+          value = (trustedContext && !contextAllowsConcatenation) ?
+                    $sce.getTrusted(trustedContext, value) :
+                    $sce.valueOf(value);
+          return allOrNothing && !isDefined(value) ? value : stringify(value);
         } catch (err) {
           $exceptionHandler($interpolateMinErr.interr(text, err));
         }
