fix($parse): check function call context to be safe

Closes #4417
author: Chirayu Krishnappa 2013-10-14 16:05:53 -0700
committer: Igor Minar 2013-10-15 06:43:19 -0700
commit: 6d324c76f0d3ad7dae69ce01b14e0564938fb15e (patch)
tree: 6def7f8220edfe8412a8a10df67d4efeb39f2aa4 /test
parent: 3aefd3a4f0c9f6eba54b2e4f7a13c5621436df7d (diff)
download: angular.js-6d324c76f0d3ad7dae69ce01b14e0564938fb15e.tar.bz2
1 files changed, 14 insertions, 0 deletions
diff --git a/test/ng/parseSpec.js b/test/ng/parseSpec.js
index 940bd6d6..d7d0d941 100644
--- a/test/ng/parseSpec.js
+++ b/test/ng/parseSpec.js
@@ -730,6 +730,20 @@ describe('parser', function() {
                     '$parse', 'isecdom', 'Referencing DOM nodes in Angular expressions is ' +
                     'disallowed! Expression: getDoc()');
           }));
+
+          it('should NOT allow calling functions on Window or DOM', inject(function($window, $document) {
+            scope.a = {b: { win: $window, doc: $document }};
+            expect(function() {
+              scope.$eval('a.b.win.alert(1)', scope);
+            }).toThrowMinErr(
+                    '$parse', 'isecwindow', 'Referencing the Window in Angular expressions is ' +
+                    'disallowed! Expression: a.b.win.alert(1)');
+            expect(function() {
+              scope.$eval('a.b.doc.on("click")', scope);
+            }).toThrowMinErr(
+                    '$parse', 'isecdom', 'Referencing DOM nodes in Angular expressions is ' +
+                    'disallowed! Expression: a.b.doc.on("click")');
+          }));
         });
       });
author	Chirayu Krishnappa	2013-10-14 16:05:53 -0700
committer	Igor Minar	2013-10-15 06:43:19 -0700
commit	6d324c76f0d3ad7dae69ce01b14e0564938fb15e (patch)
tree	6def7f8220edfe8412a8a10df67d4efeb39f2aa4 /test
parent	3aefd3a4f0c9f6eba54b2e4f7a13c5621436df7d (diff)
download	angular.js-6d324c76f0d3ad7dae69ce01b14e0564938fb15e.tar.bz2