| author | Chirayu Krishnappa | 2013-08-09 14:47:13 -0700 | 
|---|---|---|
| committer | Chirayu Krishnappa | 2013-09-17 18:15:49 -0700 | 
| commit | be0b4856699334ff51bacf2d1fd3394663d6bd28 (patch) | |
| tree | 19dc768b7d6b5f79c612a5d71f598f7e5cfab39e /test/ng/parseSpec.js | |
| parent | 4b71bbc9886f6cf8e939d257c755bf7c4a94396e (diff) | |
| download | angular.js-be0b4856699334ff51bacf2d1fd3394663d6bd28.tar.bz2 | |
fix($parse): disallow access to window and dom in expressions
Diffstat (limited to 'test/ng/parseSpec.js')
| -rw-r--r-- | test/ng/parseSpec.js | 215 | 
1 files changed, 130 insertions, 85 deletions
| diff --git a/test/ng/parseSpec.js b/test/ng/parseSpec.js
index a82f736f..44b648c5 100644
--- a/test/ng/parseSpec.js
+++ b/test/ng/parseSpec.js
@@ -555,100 +555,145 @@ describe('parser', function() {
       });
       describe('sandboxing', function() {
-        it('should NOT allow access to Function constructor in getter', function() {
-          expect(function() {
-            scope.$eval('{}.toString.constructor');
-          }).toThrowMinErr(
-                  '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
-                  'Expression: {}.toString.constructor');
-
-          expect(function() {
-            scope.$eval('{}.toString.constructor("alert(1)")');
-          }).toThrowMinErr(
-                  '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
-                  'Expression: {}.toString.constructor("alert(1)")');
-
-          expect(function() {
-            scope.$eval('[].toString.constructor.foo');
-          }).toThrowMinErr(
-                  '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
-                  'Expression: [].toString.constructor.foo');
-
-          expect(function() {
-            scope.$eval('{}.toString["constructor"]');
-          }).toThrowMinErr(
-                  '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
-                  'Expression: {}.toString["constructor"]');
-          expect(function() {
-            scope.$eval('{}["toString"]["constructor"]');
-          }).toThrowMinErr(
-                  '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
-                  'Expression: {}["toString"]["constructor"]');
-
-          scope.a = [];
-          expect(function() {
-            scope.$eval('a.toString.constructor', scope);
-          }).toThrowMinErr(
-                  '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
-                  'Expression: a.toString.constructor');
-          expect(function() {
-            scope.$eval('a.toString["constructor"]', scope);
-          }).toThrowMinErr(
-                  '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
-                  'Expression: a.toString["constructor"]');
-        });
-
-        it('should NOT allow access to Function constructor in setter', function() {
-          expect(function() {
-            scope.$eval('{}.toString.constructor = 1');
-          }).toThrowMinErr(
-                  '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
-                  'Expression: {}.toString.constructor = 1');
+        describe('Function constructor', function() {
+          it('should NOT allow access to Function constructor in getter', function() {
+            expect(function() {
+              scope.$eval('{}.toString.constructor');
+            }).toThrowMinErr(
+                    '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
+                    'Expression: {}.toString.constructor');
+
+            expect(function() {
+              scope.$eval('{}.toString.constructor("alert(1)")');
+            }).toThrowMinErr(
+                    '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
+                    'Expression: {}.toString.constructor("alert(1)")');
+
+            expect(function() {
+              scope.$eval('[].toString.constructor.foo');
+            }).toThrowMinErr(
+                    '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
+                    'Expression: [].toString.constructor.foo');
+
+            expect(function() {
+              scope.$eval('{}.toString["constructor"]');
+            }).toThrowMinErr(
+                    '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
+                    'Expression: {}.toString["constructor"]');
+            expect(function() {
+              scope.$eval('{}["toString"]["constructor"]');
+            }).toThrowMinErr(
+                    '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
+                    'Expression: {}["toString"]["constructor"]');
+
+            scope.a = [];
+            expect(function() {
+              scope.$eval('a.toString.constructor', scope);
+            }).toThrowMinErr(
+                    '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
+                    'Expression: a.toString.constructor');
+            expect(function() {
+              scope.$eval('a.toString["constructor"]', scope);
+            }).toThrowMinErr(
+                    '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
+                    'Expression: a.toString["constructor"]');
+          });
-          expect(function() {
-            scope.$eval('{}.toString.constructor.a = 1');
-          }).toThrowMinErr(
-                  '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
-                  'Expression: {}.toString.constructor.a = 1');
+          it('should NOT allow access to Function constructor in setter', function() {
+            expect(function() {
+              scope.$eval('{}.toString.constructor = 1');
+            }).toThrowMinErr(
+                    '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
+                    'Expression: {}.toString.constructor = 1');
+
+            expect(function() {
+              scope.$eval('{}.toString.constructor.a = 1');
+            }).toThrowMinErr(
+                    '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
+                    'Expression: {}.toString.constructor.a = 1');
+
+            expect(function() {
+              scope.$eval('{}.toString["constructor"]["constructor"] = 1');
+            }).toThrowMinErr(
+                    '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
+                    'Expression: {}.toString["constructor"]["constructor"] = 1');
+
+
+            scope.key1 = "const";
+            scope.key2 = "ructor";
+            expect(function() {
+              scope.$eval('{}.toString[key1 + key2].foo = 1');
+            }).toThrowMinErr(
+                    '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
+                        'Expression: {}.toString[key1 + key2].foo = 1');
+
+            expect(function() {
+              scope.$eval('{}.toString["constructor"]["a"] = 1');
+            }).toThrowMinErr(
+                    '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
+                    'Expression: {}.toString["constructor"]["a"] = 1');
+
+            scope.a = [];
+            expect(function() {
+              scope.$eval('a.toString.constructor = 1', scope);
+            }).toThrowMinErr(
+                    '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
+                    'Expression: a.toString.constructor = 1');
+          });
-          expect(function() {
-            scope.$eval('{}.toString["constructor"]["constructor"] = 1');
-          }).toThrowMinErr(
-                  '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
-                  'Expression: {}.toString["constructor"]["constructor"] = 1');
+          it('should NOT allow access to Function constructor that has been aliased', function() {
+            scope.foo = { "bar": Function };
+            expect(function() {
+              scope.$eval('foo["bar"]');
+            }).toThrowMinErr(
+                    '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
+                    'Expression: foo["bar"]');
-          scope.key1 = "const";
-          scope.key2 = "ructor";
-          expect(function() {
-            scope.$eval('{}.toString[key1 + key2].foo = 1');
-          }).toThrowMinErr(
-                  '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
-                      'Expression: {}.toString[key1 + key2].foo = 1');
+          });
-          expect(function() {
-            scope.$eval('{}.toString["constructor"]["a"] = 1');
-          }).toThrowMinErr(
-                  '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
-                  'Expression: {}.toString["constructor"]["a"] = 1');
-          scope.a = [];
-          expect(function() {
-            scope.$eval('a.toString.constructor = 1', scope);
-          }).toThrowMinErr(
-                  '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
-                  'Expression: a.toString.constructor = 1');
+          it('should NOT allow access to Function constructor in getter', function() {
+            expect(function() {
+              scope.$eval('{}.toString.constructor');
+            }).toThrowMinErr(
+                    '$parse', 'isecfld', 'Referencing "constructor" field in Angular expressions is disallowed! ' +
+                    'Expression: {}.toString.constructor');
+          });
         });
-        it('should NOT allow access to Function constructor that has been aliased', function() {
-          scope.foo = { "bar": Function };
-          expect(function() {
-            scope.$eval('foo["bar"]');
-          }).toThrowMinErr(
-                  '$parse', 'isecfn', 'Referencing Function in Angular expressions is disallowed! ' +
-                  'Expression: foo["bar"]');
-
+        describe('Window and $element/node', function() {
+          it('should NOT allow access to the Window or DOM when indexing', inject(function($window, $document) {
+            scope.wrap = {w: $window, d: $document};
+
+            expect(function() {
+              scope.$eval('wrap["w"]', scope);
+            }).toThrowMinErr(
+                    '$parse', 'isecwindow', 'Referencing the Window in Angular expressions is ' +
+                    'disallowed! Expression: wrap["w"]');
+            expect(function() {
+              scope.$eval('wrap["d"]', scope);
+            }).toThrowMinErr(
+                    '$parse', 'isecdom', 'Referencing DOM nodes in Angular expressions is ' +
+                    'disallowed! Expression: wrap["d"]');
+          }));
+
+          it('should NOT allow access to the Window or DOM returned from a function', inject(function($window, $document) {
+            scope.getWin = valueFn($window);
+            scope.getDoc = valueFn($document);
+
+            expect(function() {
+              scope.$eval('getWin()', scope);
+            }).toThrowMinErr(
+                    '$parse', 'isecwindow', 'Referencing the Window in Angular expressions is ' +
+                    'disallowed! Expression: getWin()');
+            expect(function() {
+              scope.$eval('getDoc()', scope);
+            }).toThrowMinErr(
+                    '$parse', 'isecdom', 'Referencing DOM nodes in Angular expressions is ' +
+                    'disallowed! Expression: getDoc()');
+          }));
         });
       }); | 
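Review bot: The new `describe('Function constructor', ...)` block registers two specs with the identical title 'should NOT allow access to Function constructor in getter'; the second one, added just before the block's closing `});`, only re-asserts `{}.toString.constructor`, which the first spec already covers, so it adds no coverage and produces an ambiguous name in reporter output — drop it or fold its assertion into the first spec. The 'Window and $element/node' specs exercise only bracket indexing (`wrap["w"]`, `wrap["d"]`) and function return values (`getWin()`, `getDoc()`); dotted member access and the setter path are not pinned here, so whether the isecwindow/isecdom checks also fire for `wrap.w` or `wrap.w = 1` is not established by this test file — one more expectation such as `expect(function() { scope.$eval('wrap.w', scope); }).toThrowMinErr('$parse', 'isecwindow', 'Referencing the Window in Angular expressions is ' + 'disallowed! Expression: wrap.w');` would close that gap. The enclosing `describe('parser', ...)` and the surrounding `beforeEach` that sets up `scope` begin outside the hunk.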
