Comments (1)
Yes, the same as having this in your app's template:
<span>{{constructor.constructor('alert(JSON.stringify(localStorage))')()}}</span>
angular-translate relies on the same technique under the hood when interpolating your variables. The translation keys are meant to be string keys and in your control. Both template and translation keys should be under your (and your app's) control.
In security aspects, that is not ideal. But the official long-term support of AngularJS has also stopped at the beginning of this year.
If you think there is a reasonable fix for this without breaking everything, you are welcome to make a PR.
from angular-translate.
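One way to enforce the "keys and templates under your control" boundary described in the comment above is to audit translation tables before they are registered. This is an added example, not code from angular-translate or from the commenter; the function names, the allowlist policy and the sample table are assumptions made for illustration.

```javascript
'use strict';
// Added example: audit a translation table for keys and interpolation
// expressions that go beyond plain variable substitution. Names are hypothetical.

// Assumed policy: keys are fixed identifiers such as "HOME.TITLE".
const KEY_ALLOWLIST = /^[A-Za-z0-9_.\-]{1,128}$/;
// Assumed policy: inside {{ }} only an identifier or dotted path is accepted.
const SIMPLE_PATH = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
// Property names that lead to Function or to prototype objects.
const BLOCKED_SEGMENTS = new Set(['constructor', '__proto__', 'prototype']);

function isSafeTranslationKey(key) {
  return typeof key === 'string' && KEY_ALLOWLIST.test(key);
}

// Returns findings for every {{ ... }} expression in one translation value.
function auditTranslationValue(value) {
  const findings = [];
  const re = /\{\{([\s\S]*?)\}\}/g;
  let m;
  while ((m = re.exec(value)) !== null) {
    const expr = m[1].trim();
    if (!SIMPLE_PATH.test(expr)) {
      findings.push({ expr, reason: 'not a plain variable path' });
    } else if (expr.split('.').some((s) => BLOCKED_SEGMENTS.has(s))) {
      findings.push({ expr, reason: 'blocked property name' });
    }
  }
  return findings;
}

// Audits a flat { key: value } table; returns { key, expr, reason } entries.
function auditTranslationTable(table) {
  const report = [];
  for (const [key, value] of Object.entries(table)) {
    if (!isSafeTranslationKey(key)) {
      report.push({ key, expr: null, reason: 'key outside allowlist' });
    }
    for (const f of auditTranslationValue(String(value))) report.push({ key, ...f });
  }
  return report;
}

// Constructed sample table; the third value is the expression quoted in the comment.
const sampleTable = {
  'GREETING': 'Hello {{name}}',
  'PROFILE.TITLE': 'Profile of {{user.displayName}}',
  'BAD.VALUE': "{{constructor.constructor('alert(JSON.stringify(localStorage))')()}}",
  'BAD.PATH': 'Type: {{user.constructor}}',
  '{{x}}': 'plain text',
};
```

Running `auditTranslationTable` on tables loaded from files or remote loaders, and `isSafeTranslationKey` on any key derived from request data, keeps untrusted strings from reaching the interpolation step.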
Related Issues (20)
- Use templated string as key HOT 1
- bower repo doesn't have latest release tag HOT 3
- De-cloaking broken in 2.18.2 HOT 4
- Default interpolationParams allows access to function constructor HOT 1
- translate dynamic content loaded with ajax HOT 1
- How to use UI router with angular translate? HOT 1
- [email protected] support HOT 5
- translate-sanitize-strategy HOT 4
- “SameSite” attribute warning HOT 1
- Not changing languages on ng-click
- Cookie “NG_TRANSLATE_LANG_KEY” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. HOT 9
- Two Languages at same time HOT 1
- IOS cordova When i upgrade the AngularJs to 1.8.2 the words will be missed which was been translated. HOT 1
- Using AngularJS Filters with Pluralization via MessageFormat HOT 1
- $translatePartialLoader.doesnot allow ë à á characters HOT 4
- Unexpected behavior registering translations with .translations() and using an async loader with .forceAsyncReload(true) HOT 3
- Partial loading can fail silently without any hints HOT 1
- $translateStaticFilesLoader should behave gracefully when one of translations cannot be loaded HOT 1
- Team awareness required: Future project state HOT 7