kylefang/angular.js
1
0
Fork 0
mirror of https://github.com/zhigang1992/angular.js.git synced 2026-06-17 02:41:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix($parse): ensure CSP assignable expressions have assign()

Browse Source 
Fixes regression where the `assign()` method was not added to chains of identifiers in CSP mode,
introduced originally in b3b476d.

Also fixes the $parse test suite to ensure that CSP code paths are taken when they're expected to be
taken.

Closes #9048
This commit is contained in:
Caitlin Potter
2014-09-12 08:25:41 -04:00
parent c1f2c3ea83
commit d13b4bd1f5
2 changed files with 10 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/ng/parse.js
View File

@@ -898,7 +898,7 @@ function getterFn(path, options, fullExp) {
if (pathKeysLength < 6) {
fn = cspSafeGetterFn(pathKeys[0], pathKeys[1], pathKeys[2], pathKeys[3], pathKeys[4], fullExp);
} else {
fn = function(scope, locals) {
fn = function cspSafeGetter(scope, locals) {
var i = 0, val;
do {
val = cspSafeGetterFn(pathKeys[i++], pathKeys[i++], pathKeys[i++], pathKeys[i++],
@@ -927,14 +927,14 @@ function getterFn(path, options, fullExp) {
var evaledFnGetter = new Function('s', 'l', code); // s=scope, l=locals
/* jshint +W054 */
evaledFnGetter.toString = valueFn(code);
evaledFnGetter.assign = function(self, value) {
return setter(self, path, value, path);
};
fn = evaledFnGetter;
}
fn.sharedGetter = true;
fn.assign = function(self, value) {
return setter(self, path, value, path);
};
getterFnCache[path] = fn;
return fn;
}

19
test/ng/parseSpec.js
View File

@@ -210,19 +210,12 @@ describe('parser', function() {
forEach([true, false], function(cspEnabled) {
describe('csp: ' + cspEnabled, function() {
var originalSecurityPolicy;
beforeEach(function() {
originalSecurityPolicy = window.document.securityPolicy;
window.document.securityPolicy = {isActive : cspEnabled};
});
afterEach(function() {
window.document.securityPolicy = originalSecurityPolicy;
});
beforeEach(module(provideLog));
beforeEach(module(function($provide) {
$provide.decorator('$sniffer', function($delegate) {
$delegate.csp = cspEnabled;
return $delegate;
});
}, provideLog));
beforeEach(inject(function ($rootScope) {
scope = $rootScope;