Skip to content

URL.createObjectURL are currently marked unsafe #3719

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bfanger opened this issue May 13, 2015 · 4 comments
Closed

URL.createObjectURL are currently marked unsafe #3719

bfanger opened this issue May 13, 2015 · 4 comments

Comments

@bfanger
Copy link

bfanger commented May 13, 2015

This is already fixed in regular angular, but ionic overwrites the imgSrcSanitizationWhitelist value in js/angular/service/ionicConfig.js.

To fix this add |blob to the regex:

$compileProvider.imgSrcSanitizationWhitelist(/^\s*(https?|ftp|file|blob|ms-appx|x-wmapp0):|data:image\//);
@mhartington
Copy link
Contributor

Not sure I follow, this is already in 1.0 and release.

https://github.com/driftyco/ionic/blob/master/js/angular/service/ionicConfig.js#L632

@bfanger
Copy link
Author

bfanger commented May 13, 2015

Ah, it was indeed fixed 8 days ago i was using 1.0.0-rc5,

@bfanger bfanger closed this as completed May 13, 2015
@bfanger
Copy link
Author

bfanger commented May 27, 2015

When using the cordova camera plugin, it uses a content:// scheme. Which will be marked unsafe: unsafe:content://com.android.providers.media.documents/document/image%3A47

Adding content to the imgSrcSanitizationWhitelist fixes this issue.

$compileProvider.imgSrcSanitizationWhitelist(/^\s*(https?|tel|ftp|file|blob|content|ms-appx|x-wmapp0):|data:image\//);

@mhartington mhartington reopened this Jun 3, 2015
mhartington added a commit that referenced this issue Jun 3, 2015
@mhartington
fix(ionicConfig): add content scheme to whitelist
8572f38 
When using the camera plugin, it will use a content:// scheme, which will be marked unsafe. Closes #3719
@mhartington
Copy link
Contributor

This should be fixed with 8572f38

@ionitron-bot ionitron-bot bot locked and limited conversation to collaborators Sep 7, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bfanger @mhartington