kylefang/angular.js
1
0
Fork 0
mirror of https://github.com/zhigang1992/angular.js.git synced 2026-04-21 01:57:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix($http): allow multiple json vulnerability prefixes

Browse Source 
We strip out both:
)]}',
)]}'
This commit is contained in:
Vojta Jina
2011-10-18 17:03:48 -07:00
committed by Igor Minar
parent fdcc2dbfd3
commit fe633dd0cf
2 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
test/service/httpSpec.js
View File

@@ -743,6 +743,16 @@ describe('$http', function() {
expect(callback).toHaveBeenCalledOnce();
expect(callback.mostRecentCall.args[0]).toEqual([1, 'abc', {foo:'bar'}]);
});
it('should deserialize json with security prefix ")]}\'"', function() {
$httpBackend.expect('GET', '/url').respond(')]}\'\n\n[1, "abc", {"foo":"bar"}]');
$http({method: 'GET', url: '/url'}).on('200', callback);
$httpBackend.flush();
expect(callback).toHaveBeenCalledOnce();
expect(callback.mostRecentCall.args[0]).toEqual([1, 'abc', {foo:'bar'}]);
});
});