kylefang/angular.js
1
0
Fork 0
mirror of https://github.com/zhigang1992/angular.js.git synced 2026-04-21 01:57:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
48fa3aadd546036c7e69f71046f659ab1de244c6
angular.js/test
History
Jann Horn 48fa3aadd5 fix($parse): forbid __{define,lookup}{Getter,Setter}__ properties 
It was possible to use `{}.__defineGetter__.call(null, 'alert', (0).valueOf.bind(0))` to set
`window.alert` to a false-ish value, thereby breaking the `isWindow` check, which might lead
to arbitrary code execution in browsers that let you obtain the window object using Array methods.
Prevent that by blacklisting the nasty __{define,lookup}{Getter,Setter}__ properties.

BREAKING CHANGE:
This prevents the use of __{define,lookup}{Getter,Setter}__ inside angular
expressions. If you really need them for some reason, please wrap/bind them to make them
less dangerous, then make them available through the scope object.
2014-06-30 09:25:23 -07:00
..
auto
fix(injector): allow multiple loading of function modules
2014-06-16 20:43:16 -04:00
e2e
tests(docsAppE2E): fix race condition flake with switching to new frame
2014-05-23 11:28:53 -07:00
fixtures
fix(jqLite): make jqLite('<iframe src="someurl">').contents() return iframe document, as in jQuery
2014-02-18 18:43:59 -05:00
helpers
fix(testabilityPatch): fix invocations of angular.mock.dump
2014-06-23 23:38:15 +02:00
ng
fix($parse): forbid __{define,lookup}{Getter,Setter}__ properties
2014-06-30 09:25:23 -07:00
ngAnimate
fix(ngAnimate): $animate methods should accept native dom elements
2014-06-02 13:40:12 -07:00
ngCookies
chore(jshint): enforce jshint for tests
2014-04-27 21:20:31 +01:00
ngMessages
test(ngMessages): use strict-di for ngMessages tests
2014-05-15 11:14:15 -04:00
ngMock
fix(injector): allow multiple loading of function modules
2014-06-16 20:43:16 -04:00
ngResource
fix(ngResource): don't convert literal values into Resource objects when isArray is true
2014-06-13 13:41:18 -07:00
ngRoute
docs(*): fix its vs it's typos.
2014-05-20 17:45:08 -04:00
ngSanitize
fix(ngSanitize): encode surrogate pair properly
2014-05-02 17:48:57 -04:00
ngScenario
chore(jshint): enforce jshint for tests
2014-04-27 21:20:31 +01:00
ngTouch
feat(ngTouch): add optional ngSwipeDisableMouse attribute to ngSwipe directives to ignore mouse events.
2014-05-14 14:17:19 -07:00
.jshintrc
fix(core): drop the toBoolean function
2014-06-26 20:52:04 +01:00
AngularSpec.js
fix(Angular.copy): preserve prototype chain when copying objects
2014-06-30 10:41:43 +01:00
ApiSpecs.js
fix(injector): allow multiple loading of function modules
2014-06-16 20:43:16 -04:00
BinderSpec.js
fix(core): drop the toBoolean function
2014-06-26 20:52:04 +01:00
jqLiteSpec.js
feat(jqLite): support isDefaultPrevented for triggerHandler dummies
2014-06-27 17:10:10 -07:00
jquery_alias.js
chore(jshint): enforce jshint for tests
2014-04-27 21:20:31 +01:00
jquery_remove.js
chore(jshint): enforce jshint for tests
2014-04-27 21:20:31 +01:00
jQueryPatchSpec.js
refactor(jqLite): stop patching individual jQuery methods
2014-05-10 23:32:29 +02:00
loaderSpec.js
fix(injector): invoke config blocks for module after all providers
2014-05-02 14:12:22 -04:00
minErrSpec.js
feat(minerr): log minerr doc url in development
2013-08-15 13:23:18 -07:00