lainns-mirror/noctalia-shell
1
0
Fork 0
mirror of https://github.com/noctalia-dev/noctalia-shell.git synced 2026-05-11 17:08:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

Revert "fix(launcher): prevent arbitrary js execution. fix #2115"

Browse Source 
This reverts commit 2f4b80d72f.
This commit is contained in:
Lemmy
2026-03-10 00:03:53 -04:00
parent 93deeda589
commit 7bb88e6919
1 changed files with 0 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Helpers/AdvancedMath.js
-11
View File
@@ -88,17 +88,6 @@ function evaluate(expression) {
throw new Error("Invalid characters in expression");
}
// Block dangerous identifiers (prototype chain traversal, code execution)
if (/\b(constructor|prototype|__proto__|__defineGetter__|__defineSetter__|__lookupGetter__|__lookupSetter__|Function|eval|require|import|process|global|window|this|self|globalThis|String|Object|Array|RegExp|Proxy|Reflect|setTimeout|setInterval)\b/.test(processed)) {
throw new Error("Invalid expression");
}
// Only allow Math.method property access - block any other dot-property chains
var withoutMathCalls = processed.replace(/\bMath\.\w+/g, '0');
if (/\./.test(withoutMathCalls)) {
throw new Error("Invalid expression");
}
// Evaluate the processed expression
var result = eval(processed);