@@ -464,6 +464,38 @@ describe('SCE', function() {
464
464
'$sce' , 'insecurl' , 'Blocked loading resource from url not allowed by $sceDelegate policy. URL: foo' ) ;
465
465
}
466
466
) ) ;
467
+
468
+ describe ( 'when the document base URL has changed' , function ( ) {
469
+ var baseElem = document . createElement ( 'BASE' ) ;
470
+ var cfg = { whitelist : [ 'self' ] , blacklist : [ ] } ;
471
+ baseElem . setAttribute ( 'href' , '//foo.example.com/path/' ) ;
472
+ beforeAll ( function ( ) {
473
+ document . head . appendChild ( baseElem ) ;
474
+ } ) ;
475
+ afterAll ( function ( ) { ;
476
+ document . head . removeChild ( baseElem ) ;
477
+ } ) ;
478
+ function expectAllowed ( $sce , url ) {
479
+ expect ( $sce . getTrustedResourceUrl ( url ) ) . toEqual ( url ) ;
480
+ }
481
+
482
+ function expectBlocked ( $sce , url ) {
483
+ expect ( function ( ) { $sce . getTrustedResourceUrl ( url ) ; } ) . toThrowMinErr (
484
+ '$sce' , 'insecurl' , 'Blocked loading resource from url not allowed by $sceDelegate policy. URL: ' + url ) ;
485
+ }
486
+
487
+ it ( 'should allow relative URLs' , runTest ( cfg , function ( $sce ) {
488
+ expectAllowed ( $sce , 'foo' ) ;
489
+ } ) ) ;
490
+
491
+ it ( 'should allow absolute URLs' , runTest ( cfg , function ( $sce ) {
492
+ expectAllowed ( $sce , '//foo.example.com/bar' ) ;
493
+ } ) ) ;
494
+
495
+ it ( 'should still block some URLs' , runTest ( cfg , function ( $sce ) {
496
+ expectBlocked ( $sce , '//bad.example.com' ) ;
497
+ } ) ) ;
498
+ } ) ;
467
499
} ) ;
468
500
469
501
it ( 'should have blacklist override the whitelist' , runTest (
0 commit comments