This repository was archived by the owner on Apr 12, 2024. It is now read-only.

Commit ae58fb6

fix($parse): throw error when accessing a restricted property indirectly
When accessing an instance thru a computed member and the property is an array, then also check the string value of the array.
1 parent 24cd700 commit ae58fb6


2 files changed

+21
-6
lines changed


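--- a/src/ng/parse.js
+++ b/src/ng/parse.js
@@ -45,6 +45,9 @@ function ensureSafeMemberName(name, fullExpression) {
 'Attempting to access a disallowed field in Angular expressions! '
 + 'Expression: {0}', fullExpression);
 }
+if (isArray(name)) {
+return ensureSafeMemberName(name.toString(), fullExpression);
+}
 return name;
 }
 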
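Review bot: The new `isArray(name)` branch covers only array keys, but a computed member is converted to a string at lookup time whatever its type, so any other non-string key whose string form is a restricted name would still pass the comparison above, which sits outside this hunk. Normalising once at the top of `ensureSafeMemberName`, e.g. `if (typeof name !== 'string') name = name + '';`, and having callers use the returned string for the lookup would cover the whole class and avoid checking one coercion while the access performs another. A short comment such as `// Property keys are coerced to strings on access; check the value the engine will actually use.` would record why. The function's opening lines and its callers are not visible here, so confirm that callers use the return value before relying on this.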

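--- a/test/ng/parseSpec.js
+++ b/test/ng/parseSpec.js
@@ -1679,12 +1679,10 @@ describe('parser', function() {
 forEach([true, false], function(cspEnabled) {
 describe('csp: ' + cspEnabled, function() {
 
-beforeEach(module(function($provide) {
-$provide.decorator('$sniffer', function($delegate) {
-expect($delegate.csp.noUnsafeEval === true ||
-$delegate.csp.noUnsafeEval === false).toEqual(true);
-$delegate.csp.noUnsafeEval = cspEnabled;
-});
+beforeEach(module(function() {
+expect(csp().noUnsafeEval === true ||
+csp().noUnsafeEval === false).toEqual(true);
+csp().noUnsafeEval = cspEnabled;
 }, provideLog));
 
 beforeEach(inject(function($rootScope) {
@@ -2669,6 +2667,20 @@ describe('parser', function() {
 scope.$eval('{}["__proto__"].foo = 1');
 }).toThrowMinErr('$parse', 'isecfld');
 
+expect(function() {
+scope.$eval('{}[["__proto__"]]');
+}).toThrowMinErr('$parse', 'isecfld');
+expect(function() {
+scope.$eval('{}[["__proto__"]].foo = 1');
+}).toThrowMinErr('$parse', 'isecfld');
+
+expect(function() {
+scope.$eval('0[["__proto__"]]');
+}).toThrowMinErr('$parse', 'isecfld');
+expect(function() {
+scope.$eval('0[["__proto__"]].foo = 1');
+}).toThrowMinErr('$parse', 'isecfld');
+
 scope.a = "__pro";
 scope.b = "to__";
 expect(function() {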
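Review bot: The assertions added in the second hunk only exercise a single-element array wrapping `__proto__`, so the suite would not notice if the array handling stopped at one level of nesting or skipped the other restricted names. Adding one nested case, for example `expect(function() { scope.$eval('{}[[["__proto__"]]]'); }).toThrowMinErr('$parse', 'isecfld');`, and one array-wrapped case per remaining disallowed field would pin the guard's behaviour. Separately, the rewritten `beforeEach` in the first hunk writes `csp().noUnsafeEval = cspEnabled` on what appears to be a shared object with no visible restore, so confirm that an `afterEach` resets it. The enclosing `it` block starts and ends outside the hunk.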
