From fe633dd0cf3d52f84ce73f486bcbd4e1d3058857 Mon Sep 17 00:00:00 2001
From: Vojta Jina
Date: Tue, 18 Oct 2011 17:03:48 -0700
Subject: fix($http): allow multiple json vulnerability prefixes

We strip out both:
)]}',
)]}'
---
 test/service/httpSpec.js | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'test/service')

diff --git a/test/service/httpSpec.js b/test/service/httpSpec.js
index ad83bdf8..b39ac3d7 100644
--- a/test/service/httpSpec.js
+++ b/test/service/httpSpec.js
@@ -743,6 +743,16 @@ describe('$http', function() {
           expect(callback).toHaveBeenCalledOnce();
           expect(callback.mostRecentCall.args[0]).toEqual([1, 'abc', {foo:'bar'}]);
         });
+
+
+        it('should deserialize json with security prefix ")]}\'"', function() {
+          $httpBackend.expect('GET', '/url').respond(')]}\'\n\n[1, "abc", {"foo":"bar"}]');
+          $http({method: 'GET', url: '/url'}).on('200', callback);
+          $httpBackend.flush();
+
+          expect(callback).toHaveBeenCalledOnce();
+          expect(callback.mostRecentCall.args[0]).toEqual([1, 'abc', {foo:'bar'}]);
+        });
       });
 
 
-- 
cgit v1.2.3