| author | Vojta Jina | 2011-10-18 17:03:48 -0700 |
|---|---|---|
| committer | Igor Minar | 2011-11-30 11:17:22 -0500 |
| commit | fe633dd0cf3d52f84ce73f486bcbd4e1d3058857 (patch) | |
| tree | 14e432c43b01305cf8dffeb87f3614e3207e373e /test | |
| parent | fdcc2dbfd37d14ca5f3c830b589c091611ab54bd (diff) | |
fix($http): allow multiple json vulnerability prefixes
We strip out both:
)]}',
)]}'
Diffstat (limited to 'test')
| -rw-r--r-- | test/service/httpSpec.js | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/test/service/httpSpec.js b/test/service/httpSpec.js
index ad83bdf8..b39ac3d7 100644
--- a/test/service/httpSpec.js
+++ b/test/service/httpSpec.js
@@ -743,6 +743,16 @@ describe('$http', function() {
 expect(callback).toHaveBeenCalledOnce();
 expect(callback.mostRecentCall.args[0]).toEqual([1, 'abc', {foo:'bar'}]);
 });
+
+
+ it('should deserialize json with security prefix ")]}\'"', function() {
+ $httpBackend.expect('GET', '/url').respond(')]}\'\n\n[1, "abc", {"foo":"bar"}]');
+ $http({method: 'GET', url: '/url'}).on('200', callback);
+ $httpBackend.flush();
+
+ expect(callback).toHaveBeenCalledOnce();
+ expect(callback.mostRecentCall.args[0]).toEqual([1, 'abc', {foo:'bar'}]);
+ });
 }); |
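Review bot: The added spec pins only the accepting case for the comma-less prefix `)]}'` followed by two newlines; nothing in this hunk asserts that stripping is anchored to the very start of the response body. The transform itself is outside this diff (the diffstat is limited to `test`), so this is a coverage gap rather than a confirmed defect, but an unanchored strip would silently alter JSON whose string values happen to contain the prefix. A companion spec would lock that down: respond with `'["a)]}\'b"]'` and assert `expect(callback.mostRecentCall.args[0]).toEqual(['a)]}\'b']);`. A short comment above the `it(...)`, such as `// server may send the anti-hijacking prefix with or without the trailing comma; both must be stripped before parsing`, would also explain why two variants are tested. The enclosing `describe` block starts and ends outside the hunk.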
