1

I am getting the user details from a webservice.

Everything is fine except that the javascript is adding an unsafe attribute to the email Id field.

<div class="row">
    <div class="col col-50">
        <span class="input-label">Created By</span>
    </div>
    <div class="col col-50" style="color:white">
        {{Idea.FirstName}}&nbsp;{{Idea.LastName}}
        <a ng-href="sip:{{Idea.EmailId}}">
            <i class="ion-ios-chatboxes-outline" style="font-size:2em;color:white"></i>
        </a>
    </div>
</div>

When I am hovering or clicking the chat icon, a message is shown in the corner: unsafe:sip:"EmailId"

Erazihel
  • 7,295
  • 6
  • 30
  • 53
RAHUL DEEP
  • 695
  • 3
  • 13
  • 33

2 Answers2

1

ng-href executes expression in context of scope. You don't need curly braces for it. So your code should be either 

 <a ng-href="'sip:'+Idea.EmailId">

or

 <a href="sip:{{Idea.EmailId}}">
Kirill Slatin
  • 6,085
  • 3
  • 18
  • 38
  • my question is exactly like http://stackoverflow.com/questions/15606751/angular-changes-urls-to-unsafe-in-extension-page but there they are using it for mail and i am using for IM. – RAHUL DEEP Aug 13 '15 at 07:51
  • Perhaps in addition to fixing binding you will also have to provide a proper sanitization regex. But the error you see clearly says binding is wrong – Kirill Slatin Aug 13 '15 at 07:55
0

Angular is having normal url as href:mailto as whitelist. But few attribute need to loaded from the security point of view. To start an IM through angular we need to add sip to whitelist like this

 var app = angular.module( 'myApp', [] )
.config( [
'$compileProvider',
function( $compileProvider )
{   
    $compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|sip|chrome-extension):/);
}
]);

It will add sip to whitelist and the Lync application will start when clicked in the Icon. This change is to be made in app.js.

RAHUL DEEP
  • 695
  • 3
  • 13
  • 33