fix($http): allow multiple json vulnerability prefixes

We strip out both: )]}', )]}'
author: Vojta Jina 2011-10-18 17:03:48 -0700
committer: Igor Minar 2011-11-30 11:17:22 -0500
commit: fe633dd0cf3d52f84ce73f486bcbd4e1d3058857 (patch)
tree: 14e432c43b01305cf8dffeb87f3614e3207e373e /src
parent: fdcc2dbfd37d14ca5f3c830b589c091611ab54bd (diff)
download: angular.js-fe633dd0cf3d52f84ce73f486bcbd4e1d3058857.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/src/service/http.js b/src/service/http.js
index f06b88fd..3b207a13 100644
--- a/src/service/http.js
+++ b/src/service/http.js
@@ -65,7 +65,8 @@ function $HttpProvider() {
     // transform in-coming reponse data
     transformResponse: function(data) {
       if (isString(data)) {
-        if (/^\)\]\}',\n/.test(data)) data = data.substr(6);
+        // strip json vulnerability protection prefix
+        data = data.replace(/^\)\]\}',?\n/, '');
         if (/^\s*[\[\{]/.test(data) && /[\}\]]\s*$/.test(data))
           data = fromJson(data, true);
       }
author	Vojta Jina	2011-10-18 17:03:48 -0700
committer	Igor Minar	2011-11-30 11:17:22 -0500
commit	fe633dd0cf3d52f84ce73f486bcbd4e1d3058857 (patch)
tree	14e432c43b01305cf8dffeb87f3614e3207e373e /src
parent	fdcc2dbfd37d14ca5f3c830b589c091611ab54bd (diff)
download	angular.js-fe633dd0cf3d52f84ce73f486bcbd4e1d3058857.tar.bz2