Recently, I experienced an annoying issue after having upgraded my application from angularjs 1.6 to angularjs 1.7.
Consider the following link:
This is a technique I like to use to simulate a link. Basically, defining the “href” attribute to “javascript:void(0)” along with “ng-click” allowed me to add a link executing JavaScript code instead of simply redirecting the user to another page.
However, angularjs 1.7 comes with a feature marking the “javascript” protocol as unsafe, so all the links with the aforementioned format were transformed in:
Even though “Chrome” has no issue with this, “Firefox” and “Edge” don’t quite like it. Of course, it’s not a browser issue, it’s not normal to have this “unsafe:” thingy in the link, so how did I fix it?
Well, I had to configure the compiler service to allow the “javascript” protocol like this:
The “aHrefSanitizationWhitelist” function allows us to define a white list of accepted protocols.