This repository was archived by the owner on Apr 12, 2024. It is now read-only.
PRESUBMIT: Pr 8901 #9000
Closed
PRESUBMIT: Pr 8901 #9000
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updating to karma 0.12.13 (in commit 408508a) caused `iit` and `ddescribe` to crash and disconnect the browser stopping the test run. It appears that the problem is with one of the dependencies of karma rather than karma itself. At least one of the karma dependencies updated in line with karma's dependencies' semver specifications but subtly changed their behaviour to break karma. Possibly this is related to chokidar, glob, minimatch or fsevents.
…animated away During the recent refactoring a typo was made that broke code that detects if we are already removed from the DOM (animation has completed). Closes angular#8918 Closes angular#8994
It is now possible for ngInclude to correctly load SVG content in non-blink browsers, which do not sort out the namespace when parsing HTML. Closes angular#7538 Closes angular#8981 Closes angular#8997
Fix the following exploit:
hasOwnProperty.constructor.prototype.valueOf = valueOf.call;
["a", "alert(1)"].sort(hasOwnProperty.constructor);
The exploit:
• 1. Array.sort takes a comparison function and passes it 2 parameters to compare.
2. It then calls .valueOf() if the result is not a primitive.
• The Function object conveniently accepts two string arguments so we can use this
to construct a function. However, this doesn't do much unless we can execute it.
• We set the valueOf function on Function.prototype to Function.prototype.call.
This causes the function that we constructed to be executed when sort calls
.valueOf() on the result of the comparison.
The fix is in two parts.
• Disallow passing unsafe objects to function calls as parameters.
• Do not traverse the Function object when setting a path.
…emplate" This reverts commit 6d1e7cd. This commit was causing breakages because of its assumption that transcluded content would be handled predictably, i.e. with ngTransclude, whereas many use cases involve manipulating transcluded content in linking functions.
IgorMinar
force-pushed
the
pr-8901
branch
2 times, most recently
from
cbc62d3 to
5fe5bbf
Compare
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
just testing on ci