This repository was archived by the owner on Apr 12, 2024. It is now read-only.
File tree 2 files changed +12
-0
lines changed
2 files changed +12
-0
lines changed Original file line number Diff line number Diff line change @@ -1538,6 +1538,11 @@ function allowAutoBootstrap(document) {
15381538 return true ;
15391539 }
15401540
1541+ // If the `currentScript` property has been clobbered just return false, since this indicates a probable attack
1542+ if ( ! ( script instanceof window . HTMLScriptElement || script instanceof window . SVGScriptElement ) ) {
1543+ return false ;
1544+ }
1545+
15411546 var srcs = [ script . getAttribute ( 'src' ) , script . getAttribute ( 'href' ) , script . getAttribute ( 'xlink:href' ) ] ;
15421547
15431548 return srcs . every ( function ( src ) {
Original file line number Diff line number Diff line change @@ -1784,6 +1784,13 @@ describe('angular', function() {
17841784 expect ( allowAutoBootstrap ( createFakeDoc ( { src : 'resource://something' , href : 'http://something' , 'xlink:href' : 'http://something' } ) ) ) . toBe ( false ) ;
17851785 } ) ;
17861786
1787+ it ( 'should not bootstrap if the currentScript property has been clobbered' , function ( ) {
1788+
1789+ var img = document . createElement ( 'img' ) ;
1790+ img . setAttribute ( 'src' , '' ) ;
1791+ expect ( allowAutoBootstrap ( createFakeDoc ( { } , 'http:' , img ) ) ) . toBe ( false ) ;
1792+ } ) ;
1793+
17871794 it ( 'should not bootstrap if bootstrapping is disabled' , function ( ) {
17881795 isAutoBootstrapAllowed = false ;
17891796 angularInit ( jqLite ( '<div ng-app></div>' ) [ 0 ] , bootstrapSpy ) ;
You can’t perform that action at this time.
0 commit comments