From be0b4856699334ff51bacf2d1fd3394663d6bd28 Mon Sep 17 00:00:00 2001
From: Chirayu Krishnappa
Date: Fri, 9 Aug 2013 14:47:13 -0700
Subject: fix($parse): disallow access to window and dom in expressions

---
 docs/content/error/parse/isecdom.ngdoc    | 16 ++++++++++++++++
 docs/content/error/parse/isecwindow.ngdoc | 16 ++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 docs/content/error/parse/isecdom.ngdoc
 create mode 100644 docs/content/error/parse/isecwindow.ngdoc

(limited to 'docs')

diff --git a/docs/content/error/parse/isecdom.ngdoc b/docs/content/error/parse/isecdom.ngdoc
new file mode 100644
index 00000000..666bf36c
--- /dev/null
+++ b/docs/content/error/parse/isecdom.ngdoc
@@ -0,0 +1,16 @@
+@ngdoc error
+@name $parse:isecdom
+@fullName Referencing a DOM node in Expression
+@description
+
+Occurs when an expression attempts to access a DOM node.
+
+AngularJS restricts access to DOM nodes from within expressions since it's a known way to
+execute arbitrary Javascript code.
+
+This check is only performed on object index and function calls in Angular expressions.  These are
+places that are harder for the developer to guard.  Dotted member access (such as a.b.c) does not
+perform this check - it's up to the developer to not expose such sensitive and powerful objects
+directly on the scope chain.
+
+To resolve this error, avoid access to DOM nodes.
diff --git a/docs/content/error/parse/isecwindow.ngdoc b/docs/content/error/parse/isecwindow.ngdoc
new file mode 100644
index 00000000..81adeea0
--- /dev/null
+++ b/docs/content/error/parse/isecwindow.ngdoc
@@ -0,0 +1,16 @@
+@ngdoc error
+@name $parse:isecwindow
+@fullName Referencing Window object in Expression
+@description
+
+Occurs when an expression attempts to access a Window object.
+
+AngularJS restricts access to the Window object from within expressions since it's a known way to
+execute arbitrary Javascript code.
+
+This check is only performed on object index and function calls in Angular expressions.  These are
+places that are harder for the developer to guard.  Dotted member access (such as a.b.c) does not
+perform this check - it's up to the developer to not expose such sensitive and powerful objects
+directly on the scope chain.
+
+To resolve this error, avoid Window access.
-- 
cgit v1.2.3