From c9c885ddcf94836f1903e8155f1f5caa12447c66 Mon Sep 17 00:00:00 2001 From: George Kalpakas Date: Tue, 20 Feb 2018 18:23:07 +0200 Subject: [PATCH] refactor($compile): avoid catastrophic backtracking when parsing bindings This isn't expected to have any actual impact, since AngularJS is only intended to be used in the browser (not the server) and for this RegExp to be exploited by malicious user code the developer would have to have to give the user rights to execute arbitrary JavaScript code anyway. Fixing as a general good practice and to avoid encouraging use of a similar RegExp in other environments where it might actually matter. --- src/ng/compile.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ng/compile.js b/src/ng/compile.js index 6ae2722a6fde..603d94ed9522 100644 --- a/src/ng/compile.js +++ b/src/ng/compile.js @@ -1014,11 +1014,13 @@ function $CompileProvider($provide, $$sanitizeUriProvider) { var bindingCache = createMap(); function parseIsolateBindings(scope, directiveName, isController) { - var LOCAL_REGEXP = /^\s*([@&<]|=(\*?))(\??)\s*([\w$]*)\s*$/; + var LOCAL_REGEXP = /^([@&<]|=(\*?))(\??)\s*([\w$]*)$/; var bindings = createMap(); forEach(scope, function(definition, scopeName) { + definition = definition.trim(); + if (definition in bindingCache) { bindings[scopeName] = bindingCache[definition]; return;