--> in ng-repeat breaks the compilation #1740

mhevery · 2012-12-20T20:49:19Z

The issue is in ngRepeat:

        $compileNode = templateAttrs.$$element =
            jqLite('<!-- ' + directiveName + ': ' + templateAttrs[directiveName]  + ' -->');
        compileNode = $compileNode[0];

and it should be

        $compileNode = templateAttrs.$$element =
            jqLite(document.createComment(directiveName + ': ' + templateAttrs[directiveName]));

This in theory could allow of script injection.

The text was updated successfully, but these errors were encountered:

petebacondarwin · 2012-12-20T21:06:33Z

Are there other places where similar string concatenation occurs that should be removed?

Closes angular#1740

mhevery · 2013-01-10T16:25:36Z

Thanks

Closes #1740

Closes angular#1740

IgorMinar added a commit to IgorMinar/angular.js that referenced this issue Jan 10, 2013

fix($compile): safely create transclude comment nodes

65739fa

Closes angular#1740

IgorMinar mentioned this issue Jan 10, 2013

fix($compile): safely create transclude comment nodes #1785

Closed

IgorMinar closed this as completed in 74dd2f7 Jan 15, 2013

IgorMinar added a commit that referenced this issue Jan 15, 2013

fix($compile): safely create transclude comment nodes

2ba4583

Closes #1740

jamessharp pushed a commit to jamessharp/angular.js that referenced this issue Jan 18, 2013

fix($compile): safely create transclude comment nodes

f6ef24b

Closes angular#1740

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

--> in ng-repeat breaks the compilation #1740

--> in ng-repeat breaks the compilation #1740

mhevery commented Dec 20, 2012

petebacondarwin commented Dec 20, 2012

mhevery commented Jan 10, 2013

--> in ng-repeat breaks the compilation #1740

--> in ng-repeat breaks the compilation #1740

Comments

mhevery commented Dec 20, 2012

petebacondarwin commented Dec 20, 2012

mhevery commented Jan 10, 2013