Description

The $sceDelegateProvider provider allows developers to configure the $sceDelegate service. This allows one to get/set the whitelists and blacklists used to ensure that URLs used for sourcing Angular templates are safe. Refer $sceDelegateProvider.resourceUrlWhitelist and $sceDelegateProvider.resourceUrlBlacklist

Methods

Sets/Gets the blacklist of trusted resource URLs.

Param	Type	Details
blacklist (optional)	Array	When provided, replaces the resourceUrlBlacklist with the value provided. This must be an array. Each element of this array must either be a regex or the special string `'self'` (see `resourceUrlWhitelist` for meaning - it's only really useful there.) When a regex is used, it is matched against the normalized / absolute URL of the resource being tested. The typical usage for the blacklist is to block open redirects served by your domain as these would otherwise be trusted but actually return content from the redirected domain. Finally, the blacklist overrides the whitelist and has the final say.

the currently set blacklist array.

The default value when no whitelist has been explicitly set is the empty array (i.e. there is no blacklist.)

Sets/Gets the whitelist of trusted resource URLs.

Param	Type	Details
whitelist (optional)	Array	When provided, replaces the resourceUrlWhitelist with the value provided. This must be an array. Each element of this array must either be a regex or the special string `'self'`. When a regex is used, it is matched against the normalized / absolute URL of the resource being tested. The special string `'self'` can be used to match against all URLs of the same domain as the application document with the same protocol (allows sourcing https resources from http documents.) Please note that an empty whitelist array will block all URLs!

the currently set whitelist array.

The default value when no whitelist has been explicitly set is ['self'].