iVis-at-Bilkent / cytoscape.js-fcose

fCoSE: a fast Compound Spring Embedder
MIT License

Eval() is a security issue for modern browsers. Fixing dependency on old unmaintained library #19

Closed fdominik closed 4 years ago

fdominik commented 4 years ago

I have fixed the dependency on an old unmaintained library, which had a security issue when using the eval() function: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval. The library "numeric" has been 8 years without any update and shouldn't be used.

hasanbalci commented 4 years ago

@fdominik Thanks for your contribution! We will completely remove the numeric.js dependency and adopt a safe SVD implementation in fcose in the next release. I tried the svd-js library before as an alternative, but it has a bug related to computation that I have already informed the developer of the library about.