fix($parse): check function call context to be safe

chirayuk · IgorMinar · commit 6d324c76f0d3 · 2013-10-15T06:43:19.000-07:00
Closes #4417
diff --git a/src/ng/parse.js b/src/ng/parse.js
@@ -754,6 +754,7 @@ Parser.prototype = {
       }
       var fnPtr = fn(scope, locals, context) || noop;
 
+      ensureSafeObject(context, parser.text);
       ensureSafeObject(fnPtr, parser.text);
 
       // IE stupidity! (IE doesn't have apply for some native functions)
diff --git a/test/ng/parseSpec.js b/test/ng/parseSpec.js
@@ -730,6 +730,20 @@ describe('parser', function() {
                     '$parse', 'isecdom', 'Referencing DOM nodes in Angular expressions is ' +
                     'disallowed! Expression: getDoc()');
           }));
+
+          it('should NOT allow calling functions on Window or DOM', inject(function($window, $document) {
+            scope.a = {b: { win: $window, doc: $document }};
+            expect(function() {
+              scope.$eval('a.b.win.alert(1)', scope);
+            }).toThrowMinErr(
+                    '$parse', 'isecwindow', 'Referencing the Window in Angular expressions is ' +
+                    'disallowed! Expression: a.b.win.alert(1)');
+            expect(function() {
+              scope.$eval('a.b.doc.on("click")', scope);
+            }).toThrowMinErr(
+                    '$parse', 'isecdom', 'Referencing DOM nodes in Angular expressions is ' +
+                    'disallowed! Expression: a.b.doc.on("click")');
+          }));
         });
       });
 

Original file line number	Diff line number	Diff line change
`@@ -754,6 +754,7 @@ Parser.prototype = {`
`754`	`754`	`}`
`755`	`755`	`var fnPtr = fn(scope, locals, context) \|\| noop;`
`756`	`756`
	`757`	`+ ensureSafeObject(context, parser.text);`
`757`	`758`	`ensureSafeObject(fnPtr, parser.text);`
`758`	`759`
`759`	`760`	`// IE stupidity! (IE doesn't have apply for some native functions)`