Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.

fix($parse): function call context should be safe#4417

Closed
chirayuk wants to merge 1 commit into
angular:masterfrom
chirayuk:parse_security
Closed

fix($parse): function call context should be safe#4417
chirayuk wants to merge 1 commit into
angular:masterfrom
chirayuk:parse_security

Conversation

@chirayuk
Copy link
Copy Markdown
Contributor

@chirayuk chirayuk commented Oct 14, 2013

No description provided.

@mary-poppins
Copy link
Copy Markdown

mary-poppins commented Oct 14, 2013

Oh Chirayu!  Nice to see you sending PRs again!  :)

vojtajina
vojtajina reviewed Oct 14, 2013
View reviewed changes
Comment thread src/ng/parse.js
Copy link
Copy Markdown
Contributor

@vojtajina vojtajina Oct 14, 2013

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to check the fnPtr?

Copy link
Copy Markdown
Contributor Author

@chirayuk chirayuk Oct 14, 2013

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, to check for the Function constructor.

@vojtajina
Copy link
Copy Markdown
Contributor

vojtajina commented Oct 14, 2013

LGTM.

I would change the commit msg (something like fix($parse): check function call context to be safe) - imagine, it's gonna be in changelog...

@chirayuk
Copy link
Copy Markdown
Contributor Author

chirayuk commented Oct 14, 2013

@IgorMinar – I think it's a good idea to check the return value.  If someone can get a window/document object returned from a function – even if they can't use it directly in a function call, they could pass it to another function that invokes someone on it, etc. While we could remove it, I prefer keeping it considering the overhead of the function call path.

@IgorMinar
Copy link
Copy Markdown
Contributor

IgorMinar commented Oct 15, 2013

lgtm

@IgorMinar IgorMinar closed this Oct 15, 2013
@IgorMinar IgorMinar reopened this Oct 15, 2013
@buunguyen
Copy link
Copy Markdown
Contributor

buunguyen commented Oct 15, 2013

@chirayuk
Shouldn't the following comment be updated per this commit? (Emphases are mine. These are the parts that seem not to be correct anymore.)

This sandboxing technique is not perfect and doesn't aim to be. The goal is to prevent exploits against the expression language, but not to prevent exploits that were enabled by exposing sensitive JavaScript or browser apis on Scope. Exposing such objects on a Scope is never a good practice and therefore we are not even trying to protect against interaction with an object explicitly exposed in this way.

@chirayuk chirayuk closed this in 6d324c7 Oct 15, 2013
chirayuk added a commit to chirayuk/angular.js that referenced this pull request Oct 15, 2013
@chirayuk
fix($parse): check function call context to be safe
e49b4cd 
Closes angular#4417
jamesdaily pushed a commit to jamesdaily/angular.js that referenced this pull request Jan 27, 2014
@chirayuk @jamesdaily
fix($parse): check function call context to be safe
d300149 
Closes angular#4417
jamesdaily pushed a commit to jamesdaily/angular.js that referenced this pull request Jan 27, 2014
@chirayuk @jamesdaily
fix($parse): check function call context to be safe
c7b7b61 
Closes angular#4417
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

type: bug

Projects

None yet

Milestone

1.2.0 - timely-delivery

Development

Successfully merging this pull request may close these issues.

5 participants

@chirayuk @mary-poppins @vojtajina @IgorMinar @buunguyen