Merge 2ae2ce9 into 13f9e0e

MaslowCNC · Aug 16, 2019 · 84914b5 · 84914b5
2 parents 13f9e0e + 2ae2ce9
commit 84914b5
Show file tree

Hide file tree

Showing 5 changed files with 77 additions and 5 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -19,6 +19,7 @@
     "coveralls": "^3.0.4",
     "esm": "^3.2.22",
     "gsap": "^2.0.1",
+    "mathjs": "^6.0.4",
     "mocha": "^6.1.4",
     "nyc": "^14.1.1",
     "oauthio-web": "^0.6.2",

diff --git a/src/js/globalvariables.js b/src/js/globalvariables.js
@@ -1,3 +1,4 @@
+import { create, all }  from 'mathjs'
 import Assembly         from './molecules/assembly.js'
 import CutAway          from './molecules/cutaway.js'
 import Circle           from './molecules/circle.js'
@@ -138,6 +139,21 @@ class GlobalVariables{
              */
             this.render = result.ask
         })
+
+        const math = create(all)
+        /** 
+         * An evaluator for strings as mathmatical equations which is sandboxed and secure.
+         * @type {function}
+         */
+        this.limitedEvaluate = math.evaluate
+        math.import({
+            'import':     function () { throw new Error('Function import is disabled') },
+            'createUnit': function () { throw new Error('Function createUnit is disabled') },
+            'evaluate':   function () { throw new Error('Function evaluate is disabled') },
+            'parse':      function () { throw new Error('Function parse is disabled') },
+            'simplify':   function () { throw new Error('Function simplify is disabled') },
+            'derivative': function () { throw new Error('Function derivative is disabled') }
+        }, { override: true })
     }
 
     /** 

diff --git a/src/js/molecules/equation.js b/src/js/molecules/equation.js
@@ -78,7 +78,7 @@ export default class Equation extends Atom {
 
 
                 //Evaluate the equation
-                this.value = eval(substitutedEquation)
+                this.value = GlobalVariables.limitedEvaluate(substitutedEquation)
 
                 this.output.setValue(this.value)
                 this.output.ready = true

diff --git a/src/js/prototypes/atom.js b/src/js/prototypes/atom.js
@@ -658,7 +658,7 @@ export default class Atom {
         document.getElementById(thisID).addEventListener('focusout', () => {
             var valueInBox = document.getElementById(thisID).textContent
             if(resultShouldBeNumber){
-                valueInBox = parseFloat(valueInBox)
+                valueInBox = GlobalVariables.limitedEvaluate(valueInBox)
             }
 
             //If the target is an attachmentPoint then call the setter function