feat($sanitize, $compileProvider, linky): add support for the "sftp" protocol in links

Add support for the sftp protocol in the linky filter and the "aHrefSanitizationWhitelist" that is used by $sanitize and can be configured in the $compileProvider.

Closes #16102

Author: XFree

src/ng/sanitizeUri.js

@@ -6,7 +6,7 @@
  * Private service to sanitize uris for links and images. Used by $compile and $sanitize.
  */
 function $$SanitizeUriProvider() {
-  var aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/,
+  var aHrefSanitizationWhitelist = /^\s*(https?|s?ftp|mailto|tel|file):/,
     imgSrcSanitizationWhitelist = /^\s*((https?|ftp|file|blob):|data:image\/)/;
 
   /**

src/ngSanitize/filter/linky.js

@@ -6,7 +6,7 @@
  * @kind function
  *
  * @description
- * Finds links in text input and turns them into html links. Supports `http/https/ftp/mailto` and
+ * Finds links in text input and turns them into html links. Supports `http/https/ftp/sftp/mailto` and
  * plain email address links.
  *
  * Requires the {@link ngSanitize `ngSanitize`} module to be installed.
@@ -129,7 +129,7 @@
  */
 angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) {
   var LINKY_URL_REGEXP =
-        /((ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i,
+        /((s?ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i,
       MAILTO_REGEXP = /^mailto:/i;
 
   var linkyMinErr = angular.$$minErr('linky');

test/ng/compileSpec.js

@@ -153,7 +153,7 @@ describe('$compile', function() {
 
     it('should allow aHrefSanitizationWhitelist to be configured', function() {
       module(function($compileProvider) {
-        expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/^\s*(https?|ftp|mailto|tel|file):/); // the default
+        expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/^\s*(https?|s?ftp|mailto|tel|file):/); // the default
         $compileProvider.aHrefSanitizationWhitelist(/other/);
         expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/other/);
       });

test/ng/sanitizeUriSpec.js

@@ -216,6 +216,9 @@ describe('sanitizeUri', function() {
       testUrl = 'ftp://foo/bar';
       expect(sanitizeHref(testUrl)).toBe('ftp://foo/bar');
 
+      testUrl = 'sftp://foo/bar';
+      expect(sanitizeHref(testUrl)).toBe('sftp://foo/bar');
+
       testUrl = 'mailto:foo@bar.com';
       expect(sanitizeHref(testUrl)).toBe('mailto:foo@bar.com');
 

test/ngSanitize/filter/linkySpec.js

@@ -58,6 +58,10 @@ describe('linky', function() {
     expect(linky('HTTP://example.com')).toEqual('<a href="HTTP://example.com">HTTP://example.com</a>');
     expect(linky('HTTPS://www.example.com')).toEqual('<a href="HTTPS://www.example.com">HTTPS://www.example.com</a>');
     expect(linky('HTTPS://example.com')).toEqual('<a href="HTTPS://example.com">HTTPS://example.com</a>');
+    expect(linky('FTP://www.example.com')).toEqual('<a href="FTP://www.example.com">FTP://www.example.com</a>');
+    expect(linky('FTP://example.com')).toEqual('<a href="FTP://example.com">FTP://example.com</a>');
+    expect(linky('SFTP://www.example.com')).toEqual('<a href="SFTP://www.example.com">SFTP://www.example.com</a>');
+    expect(linky('SFTP://example.com')).toEqual('<a href="SFTP://example.com">SFTP://example.com</a>');
   });
 
   it('should handle www.', function() {

test/ngSanitize/sanitizeSpec.js

@@ -270,7 +270,8 @@ describe('HTML', function() {
 
   // See https://github.com/cure53/DOMPurify/blob/a992d3a75031cb8bb032e5ea8399ba972bdf9a65/src/purify.js#L439-L449
   it('should not allow JavaScript execution when creating inert document', inject(function($sanitize) {
-    var doc = $sanitize('<svg><g onload="window.xxx = 100"></g></svg>');
+    $sanitize('<svg><g onload="window.xxx = 100"></g></svg>');
+
     expect(window.xxx).toBe(undefined);
     delete window.xxx;
   }));