Custom Query (18300 matches)

open Safari 4 on Windows XP, load grid/tests/test_grid_column_display.html. Use keyboard to put focus on a column header. Press shift+F10 to invoke the custom context menu for the grid header. The custom context menu is displayed but note that the default browser context menu is also displayed. Only the custom context menu should be displayed.

Navigate to a data cell and press shift+F10 - there should be no context menu displayed but the browser context menu is displayed.

Discovered in 1.4 but also occurs in 1.3.2

Currently, the fromJson method blindly eval()s any string passed to it, a potentially dangerous operation (depending on the string's source, it could easily contain injected code). A simple RegExp check can be used to prevent this: any string which does not match

`/^(?:[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]|"(?:\\.|[^"\\])*")*$/` 

is not valid JSON and should not be eval()ed. (Note that the reverse is not true; that expression can match invalid JSON, but it at least won't be malicious — no function calls, control structures, etc.)

Adding the line

`if (!/^(?:[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]|"(?:\\.|[^"\\])*")*$/.test(json)) throw "invalid JSON";` // (or some such) 

to fromJson would prevent this kind of script injection. It is also a cheap operation: it only traverses the string once and fails early if an invalid character is found.

Here is the simplified case:

The following input code

define([], function () {
this.testAttribute = function /***/problematicFunction/***/(name, directiveFactory) {
     var testFunction = function() {
         //doAnything 
      };
      testFunction(/***/problematicFunction/***/);
      return this;
  };
});

becomes

define("desktop/shrinkSafeTest",[],function(){
this.testAttribute=function /***/problematicFunction/***/(_1,_2){
var _3=function(){
};
_3(/***/_4/***/);
return this;
};
});