kylefang/angular.js
1
0
Fork 0
mirror of https://github.com/zhigang1992/angular.js.git synced 2026-05-07 12:55:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(*): protect calls to hasOwnProperty in public API

Browse Source 
Objects received from outside AngularJS may have had their `hasOwnProperty`
method overridden with something else. In cases where we can do this without
incurring a performance penalty we call directly on Object.prototype.hasOwnProperty
to ensure that we use the correct method.

Also, we have some internal hash objects, where the keys for the map are provided
from outside AngularJS. In such cases we either prevent `hasOwnProperty` from
being used as a key or provide some other way of preventing our objects from
having their `hasOwnProperty` overridden.

BREAKING CHANGE: Inputs with name equal to "hasOwnProperty" are not allowed inside
form or ngForm directives.

Before, inputs whose name was "hasOwnProperty" were quietly ignored and not added
to the scope.  Now a badname exception is thrown.

Using "hasOwnProperty" for an input name would be very unusual and bad practice.
Either do not include such an input in a `form` or `ngForm` directive or change
the name of the input.

Closes #3331
This commit is contained in:
Peter Bacon Darwin
2013-10-05 10:49:09 +01:00
committed by Vojta Jina
parent fb99f54206
commit 7a586e5c19
24 changed files with 196 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
test/ng/parseSpec.js
View File

@@ -351,6 +351,26 @@ describe('parser', function() {
expect(scope.$eval('toString()', scope)).toBe('custom toString');
});
it('should not break if hasOwnProperty is referenced in an expression', function() {
scope.obj = { value: 1};
// By evaluating an expression that calls hasOwnProperty, the getterFnCache
// will store a property called hasOwnProperty. This is effectively:
// getterFnCache['hasOwnProperty'] = null
scope.$eval('obj.hasOwnProperty("value")');
// If we rely on this property then evaluating any expression will fail
// because it is not able to find out if obj.value is there in the cache
expect(scope.$eval('obj.value')).toBe(1);
});
it('should not break if the expression is "hasOwnProperty"', function() {
scope.fooExp = 'barVal';
// By evaluating hasOwnProperty, the $parse cache will store a getter for
// the scope's own hasOwnProperty function, which will mess up future cache look ups.
// i.e. cache['hasOwnProperty'] = function(scope) { return scope.hasOwnProperty; }
scope.$eval('hasOwnProperty');
expect(scope.$eval('fooExp')).toBe('barVal');
});
it('should evaluate grouped expressions', function() {
expect(scope.$eval("(1+2)*3")).toEqual((1+2)*3);
});