honeymoose
/
angular-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(security): support XSSI prefixes with and without commas. 

Some implementations use an XSSI prefix with a trailing comma, some without.
This changes Angular to support both.
This commit is contained in:
Martin Probst 2016-06-08 20:50:58 -07:00
parent 7ce0fc7d47
commit 729dc3b764
2 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/@angular/http/src/backends/xhr_backend.ts
View File

@ -13,7 +13,7 @@ import {Observable} from 'rxjs/Observable';
import {Observer} from 'rxjs/Observer';
import {isSuccess, getResponseURL} from '../http_utils';
const XSSI_PREFIX = ')]}\',\n';
const XSSI_PREFIX = /^\)\]\}',?\n/;
/**
* Creates connections using `XMLHttpRequest`. Given a fully-qualified
@ -46,9 +46,7 @@ export class XHRConnection implements Connection {
// IE10)
let body = isPresent(_xhr.response) ? _xhr.response : _xhr.responseText;
// Implicitly strip a potential XSSI prefix.
if (isString(body) && body.startsWith(XSSI_PREFIX)) {
body = body.substring(XSSI_PREFIX.length);
}
if (isString(body)) body = body.replace(XSSI_PREFIX, '');
let headers = Headers.fromResponseHeaderString(_xhr.getAllResponseHeaders());
let url = getResponseURL(_xhr);

13
modules/@angular/http/test/backends/xhr_backend_spec.ts
View File

@ -472,6 +472,17 @@ export function main() {
existingXHRs[0].dispatchEvent('load');
}));
it('should strip XSSI prefixes', inject([AsyncTestCompleter], (async: AsyncTestCompleter) => {
var conn = new XHRConnection(sampleRequest, new MockBrowserXHR(), new ResponseOptions());
conn.response.subscribe((res: Response) => {
expect(res.text()).toBe('{json: "object"}');
async.done();
});
existingXHRs[0].setStatusCode(200);
existingXHRs[0].setResponseText(')]}\'\n{json: "object"}');
existingXHRs[0].dispatchEvent('load');
}));
it('should strip XSSI prefixes', inject([AsyncTestCompleter], (async: AsyncTestCompleter) => {
var conn = new XHRConnection(sampleRequest, new MockBrowserXHR(), new ResponseOptions());
conn.response.subscribe((res: Response) => {
@ -491,7 +502,7 @@ export function main() {
async.done();
});
existingXHRs[0].setStatusCode(404);
existingXHRs[0].setResponseText(')]}\',\n{json: "object"}');
existingXHRs[0].setResponseText(')]}\'\n{json: "object"}');
existingXHRs[0].dispatchEvent('load');
}));