Custom Query (18300 matches)


Show under each result:

Results (178 - 180 of 18300)

Ticket Resolution Summary Owner Reporter
#10535 patchwelcome Grid: default context menu is displayed in Safari4/win when header contextMenu invoked via keyboard Evan Becky

open Safari 4 on Windows XP, load grid/tests/test_grid_column_display.html. Use keyboard to put focus on a column header. Press shift+F10 to invoke the custom context menu for the grid header. The custom context menu is displayed but note that the default browser context menu is also displayed. Only the custom context menu should be displayed.

Navigate to a data cell and press shift+F10 - there should be no context menu displayed but the browser context menu is displayed.

Discovered in 1.4 but also occurs in 1.3.2

#10333 fixed fromJson should not eva() without check anonymous Ben Blank

Currently, the fromJson method blindly eval()s any string passed to it, a potentially dangerous operation (depending on the string's source, it could easily contain injected code). A simple RegExp check can be used to prevent this: any string which does not match

`/^(?:[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]|"(?:\\.|[^"\\])*")*$/` 

is not valid JSON and should not be eval()ed. (Note that the reverse is not true; that expression can match invalid JSON, but it at least won't be malicious — no function calls, control structures, etc.)

Adding the line

`if (!/^(?:[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]|"(?:\\.|[^"\\])*")*$/.test(json)) throw "invalid JSON";` // (or some such) 

to fromJson would prevent this kind of script injection. It is also a cheap operation: it only traverses the string once and fails early if an invalid character is found.

#18514 duplicate Shrinksafe fails to shrink angular (tested with 1.3.6) Richard Backhouse BenjaminH

Here is the simplified case:

The following input code

define([], function () {
this.testAttribute = function /***/problematicFunction/***/(name, directiveFactory) {
     var testFunction = function() {
      return this;


this.testAttribute=function /***/problematicFunction/***/(_1,_2){
var _3=function(){
return this;
Note: See TracQuery for help on using queries.