Closed OpportunityLiu closed 3 years ago
import { tokenizeExpression, parseExpression, evaluateExpression, printExpression } from "expression-engine"; const tokens = tokenizeExpression(`(a => a).constructor("return this")().alert(12)`) const ast = parseExpression(tokens) const result = evaluateExpression(ast, { b: 2 }) const expression = printExpression(ast)
Access to special members in the prototype chain should be avoided to prevent common attacks.
For reference: https://github.com/josdejong/mathjs/blob/47a493d70ac92daa47b26f9eea88513a7efa4408/src/utils/customs.js
v1.8.2 should fix this
plantain-00
commented
3 years ago plantain-00
commented
3 years ago
Version(if relevant): 1.8.1
Environment(if relevant):
Code(if relevant):
Expected:
Access to special members in the prototype chain should be avoided to prevent common attacks.
For reference: https://github.com/josdejong/mathjs/blob/47a493d70ac92daa47b26f9eea88513a7efa4408/src/utils/customs.js