You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 13, 2022. It is now read-only.
Current behavior:
Currently, $setViewValue(value) function accepts objects as a value, but requires them to be a angular.copy of the previous object - since otherwise it will not detect the change (no deep comparison). This is expected and documented behaviour. The opposite function, however, $processModelValue() function cannot properly process the $modelValue which is an object (an end result of the $setViewValue(object) function above), even though it implicitly should. It improperly treats it as a simple type, and within the $$format() function makes new $viewValue and $modelValue be the two references to the same object with properties - and therefore all $formatters also affect $modelValue where they should not - which affects $validators and causes them to fail where they should succeed.
This means that $modelValue object is being stored directly from user input, circumventing parsers altogether - which is a security concern.
Expected behavior:
The $processModelValue() and consequently $$format() functions should properly detect if the $modelValue is an object, and ensure that formatters only act on a copy of the original $modelValue object, which copy the $$format() function should return.
Minimal reproduction of the problem with instructions:
AngularJS version: 1.7.9
Browser: should be affecting ALL browsers, explicitly observed in Chrome 81
Anything else:
Can be fixed by replacing the line 1042 of ngModel.js file:
From: var viewValue = this.$modelValue;
To: var viewValue = angular.copy(this.$modelValue);
The text was updated successfully, but these errors were encountered:
To add possible locations where object handling is broken:
Line 707 of ngModel.js (within commitViewValue() function)
From: var viewValue = this.$viewValue;
To: var viewValue = angular.copy(this.$viewValue);
Line 728 of ngModel.js (within $$parseAndValidate() function)
From: var viewValue = this.$$lastCommittedViewValue;
To: var viewValue = angular.copy(this.$$lastCommittedViewValue);
Given that AngularJS is in Long-Term Support mode (see here for details), I am afraid we are not going to fix this kind of issues (even if it might be a valid issue).
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I'm submitting a ...
Current behavior:$setViewValue(object) function above), even though it implicitly should. It improperly treats it as a simple type, and within the $ $format() function makes new $viewValue and $modelValue be the two references to the same object with properties - and therefore all $formatters also affect $modelValue where they should not - which affects $validators and causes them to fail where they should succeed.
Currently, $setViewValue(value) function accepts objects as a value, but requires them to be a angular.copy of the previous object - since otherwise it will not detect the change (no deep comparison). This is expected and documented behaviour. The opposite function, however, $processModelValue() function cannot properly process the $modelValue which is an object (an end result of the
This means that $modelValue object is being stored directly from user input, circumventing parsers altogether - which is a security concern.
Expected behavior:$processModelValue() and consequently $ $format() functions should properly detect if the $modelValue is an object, and ensure that formatters only act on a copy of the original $modelValue object, which copy the $ $format() function should return.
The
Minimal reproduction of the problem with instructions:
AngularJS version: 1.7.9
Browser: should be affecting ALL browsers, explicitly observed in Chrome 81
Anything else:
Can be fixed by replacing the line 1042 of ngModel.js file:
From:
var viewValue = this.$modelValue;
To:
var viewValue = angular.copy(this.$modelValue);
The text was updated successfully, but these errors were encountered: