authorChirayu Krishnappa2013-08-09 14:47:13 -0700
committerChirayu Krishnappa2013-09-17 18:15:49 -0700
commitbe0b4856699334ff51bacf2d1fd3394663d6bd28 (patch)
tree19dc768b7d6b5f79c612a5d71f598f7e5cfab39e /src/ng/parse.js
parent4b71bbc9886f6cf8e939d257c755bf7c4a94396e (diff)
downloadangular.js-be0b4856699334ff51bacf2d1fd3394663d6bd28.tar.bz2
fix($parse): disallow access to window and dom in expressions
Diffstat (limited to 'src/ng/parse.js')
-rw-r--r--src/ng/parse.js15
1 files changed, 13 insertions, 2 deletions
diff --git a/src/ng/parse.js b/src/ng/parse.js
index 5597acd8..8f8c0f87 100644
--- a/src/ng/parse.js
+++ b/src/ng/parse.js
@@ -42,12 +42,20 @@ function ensureSafeObject(obj, fullExpression) {
if (obj && obj.constructor === obj) {
throw $parseMinErr('isecfn',
'Referencing Function in Angular expressions is disallowed! Expression: {0}', fullExpression);
+ //
+ } else if (// isWindow(obj)
+ obj && obj.document && obj.location && obj.alert && obj.setInterval) {
+ throw $parseMinErr('isecwindow',
+ 'Referencing the Window in Angular expressions is disallowed! Expression: {0}', fullExpression);
+ } else if (// isElement(obj)
+ obj && (obj.nodeName || (obj.on && obj.find))) {
+ throw $parseMinErr('isecdom',
+ 'Referencing DOM nodes in Angular expressions is disallowed! Expression: {0}', fullExpression);
} else {
return obj;
}
}
-
var OPERATORS = {
'null':function(){return null;},
'true':function(){return true;},
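Review bot: The two new branches on L26–L27 and L30–L31 bury their intent in comments placed inside the `else if (` parentheses, and L25 adds a bare `+ //` line with nothing after it; the condition is hard to read and easy to edit wrongly. The comments name `isWindow` and `isElement`, which suggests these are inlined copies of existing helpers — if those are in scope in the concatenated build, calling them avoids duplicating the heuristic; otherwise extract the two predicates so the duck-typing is documented in one place. Both checks are property-presence heuristics (a Window is recognised by `document`/`location`/`alert`/`setInterval`, a node by `nodeName` or a jqLite-style `on`/`find` pair), so they reject any object that happens to carry those names and admit any dangerous object that does not; a short comment should say so, since the constructor check on L22 is the only other guard and the function's caller set is not visible here. `ensureSafeObject`'s header line is in the hunk context; the function is otherwise complete.
```javascript
// Duck-typed: matches the properties a Window / DOM node is expected to carry,
// so unrelated objects defining the same names are rejected too, and the check
// is only as strong as the heuristic.
function isWindowLike(obj) {
  return obj && obj.document && obj.location && obj.alert && obj.setInterval;
}
function isElementLike(obj) {
  return obj && (obj.nodeName || (obj.on && obj.find));
}
// … unchanged: ensureSafeObject body, with the two inline conditions replaced by
//   isWindowLike(obj) and isElementLike(obj) …
```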
@@ -688,6 +696,9 @@ function parser(text, json, $filter, csp){
args.push(argsFn[i](scope, locals));
}
var fnPtr = fn(scope, locals, context) || noop;
+
+ ensureSafeObject(fnPtr, text);
+
// IE stupidity!
var v = fnPtr.apply
? fnPtr.apply(context, args)
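Review bot: The new `ensureSafeObject(fnPtr, text)` on L47 validates the callee before `fnPtr.apply` on L50, but the values collected into `args` on L43 (and the `context` the call is applied to) are not passed through the same check in this hunk. If the per-argument evaluators already apply `ensureSafeObject` on their own results that is sufficient; if not, a Window or DOM object could still be handed to a scope function as an argument, so it is worth confirming where those values are validated. A one-line comment above L47 would make the division of responsibility explicit, e.g. `// callee and (below) return value are checked here; argument values are checked by their own evaluators`. The enclosing `parser` function and the closure this code lives in both start outside the hunk. The blank added lines L46 and L48 are noise and can be dropped.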
@@ -703,7 +714,7 @@ function parser(text, json, $filter, csp){
v = v.$$v;
}
- return v;
+ return ensureSafeObject(v, text);
};
}