admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-20 19:32:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): Filter out prototype and constructor lookups in expressions (#10382)

Browse Source
This commit is contained in:
Val
2024-08-13 16:57:01 +01:00
committed by GitHub
parent 117e2d968f
commit 8e7d29ad3c
7 changed files with 162 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
packages/workflow/src/Expression.ts
View File

@@ -26,6 +26,7 @@ import { extendSyntax } from './Extensions/ExpressionExtension';
import { evaluateExpression, setErrorHandler } from './ExpressionEvaluatorProxy';
import { getGlobalState } from './GlobalState';
import { ApplicationError } from './errors/application.error';
import { sanitizer, sanitizerName } from './ExpressionSandboxing';
const IS_FRONTEND_IN_DEV_MODE =
typeof process === 'object' &&
@@ -306,6 +307,8 @@ export class Expression {
data.extend = extend;
data.extendOptional = extendOptional;
data[sanitizerName] = sanitizer;
Object.assign(data, extendedFunctions);
const constructorValidation = new RegExp(/\.\s*constructor/gm);