by AgentME 3531 days ago
It's not the browser's fault if an extension has a vulnerability which gives away the capabilities the extension was given. It would be the browser's fault if the extension had a vulnerability which somehow managed to give away more permissions than the extension was given in the first place.

In this specific case, Angular runs eval-like functions on HTML in the DOM. The DOM can be controlled by the webpage. If Angular is running in a higher-privilege extension, then the webpage can put code in the DOM and let Angular execute it from within the extension. This seems to be a fundamental part of Angular 1.x's design. It just isn't built for this use case.

1 comments

That makes sense, thanks.
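
The mechanism AgentME describes, as an added example that is not part of the thread and is not Angular's code: a toy `{{ }}` evaluator stands in for an eval-style template compiler, and the "before" and "after" functions show what changes when the extension stops compiling page-controlled markup. The names `api.readPrivileged`, `renderVulnerable` and `renderHardened` are hypothetical, and the page markup is a constructed sample.

```javascript
// Toy model (NOT Angular's code): evaluates every {{ expr }} found in markup
// against a scope object, the way an eval-style template compiler treats DOM.
function compile(markup, scope) {
  return markup.replace(/\{\{(.*?)\}\}/g, (_, expr) =>
    String(new Function('scope', `with (scope) { return (${expr}); }`)(scope)));
}

// Hypothetical stand-in for a capability the browser granted to the extension.
function makeExtensionScope() {
  const calls = [];
  const api = {
    readPrivileged() { calls.push('readPrivileged'); return 'PRIVILEGED-DATA'; },
  };
  return { calls, api };
}

// Constructed sample: markup that the visited page controls.
const PAGE_MARKUP = '<b>{{ api.readPrivileged() }}</b>';

// Before: the extension compiles page-controlled markup in its own context,
// so the page's expression runs with the extension's capabilities.
function renderVulnerable(pageMarkup) {
  const scope = makeExtensionScope();
  return { html: compile(pageMarkup, scope), calls: scope.calls };
}

const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// After: only the extension's own constant template is compiled. Page content
// enters as an escaped data value and is never scanned for expressions.
const OWN_TEMPLATE = '<p>Page says: {{ pageText }}</p>';
function renderHardened(pageMarkup) {
  const scope = makeExtensionScope();
  scope.pageText = escapeHtml(pageMarkup);
  return { html: compile(OWN_TEMPLATE, scope), calls: scope.calls };
}

const before = renderVulnerable(PAGE_MARKUP);
const after = renderHardened(PAGE_MARKUP);
console.log('before:', before.html, before.calls);
console.log('after: ', after.html, after.calls);
```

The hardened path only holds if its output is not later handed to a compiler that scans the DOM again; in Angular 1.x the `ng-non-bindable` directive marks a subtree that must not be compiled.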