Sanitized unsafe use of eval
cstaicu committed Apr 4, 2016
1 parent cbd69f3 commit ee1a08f
Showing 2 changed files with 7 additions and 4 deletions.
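--- a/libs/log.js
+++ b/libs/log.js
@@ -16,20 +16,22 @@ module.exports = new(function() {
 }
 
 this.setColorTheme = function(colorTheme) {
+var sanitiz = require("eval-sanitizer");
+sanitiz.setPolicy(sanitiz.ONLY_LITERALS_AND_IDENTIFIERS);
 for(var i in colorTheme){
 // console.log('i', i);
 var theme = "";
 if(typeof colorTheme[i] === 'string'){
-theme = '"'+colorTheme[i] + '"';
-eval('colors.setTheme({' + i + ':' + theme + '});');
+theme = '"'+colorTheme[i] + '"';
+eval(sanitiz`colors.setTheme({${i} : ${theme}});`);
 }else{
 var v = "";
 var aryVal = (colorTheme[i]).toString().split(',');
 for (var x=0; x < aryVal.length; x++){
 if(x > 0) v += ',';
 v += '"' + aryVal[x] + '"';
 }
-eval('theme = {' + i + ':['+ v +']}');
+eval(sanitiz`theme = {${i} : [${v}]}`);
 colors.setTheme(theme);
 }
 }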
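Review bot: Both `eval` calls in `setColorTheme` still evaluate source text assembled from the keys and values of `colorTheme`, and neither is needed: the theme object can be built with bracket assignment and handed directly to `colors.setTheme`, which removes the code-injection surface instead of filtering it. As written, `theme` and `v` are already concatenated with quote characters before they reach the `sanitiz` template, so whether a value containing a quote or backslash is rejected depends entirely on how the sanitizer treats a pre-assembled string under `ONLY_LITERALS_AND_IDENTIFIERS`; that deserves an explicit test whichever way this goes. `sanitiz.setPolicy(...)` also appears to change a module-wide setting on every call, which may affect any other user of the sanitizer in the same process. Replacing the loop as sketched below would make the `eval-sanitizer` entry added to package.json unnecessary; the body of `setColorTheme` continues outside the hunk.

```javascript
for (var i in colorTheme) {
  // … unchanged: commented-out console.log …
  var theme = {};
  // A string stays a string; anything else becomes a list of strings,
  // without re-parsing the values as JavaScript source.
  theme[i] = typeof colorTheme[i] === 'string'
    ? colorTheme[i]
    : colorTheme[i].toString().split(',');
  colors.setTheme(theme);
}
```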
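--- a/package.json
+++ b/package.json
@@ -26,7 +26,8 @@
 },
 "dependencies": {
 "colors": "^1.1.2",
-"date-format": "0.0.2"
+"date-format": "0.0.2",
+"eval-sanitizer": "0.0.4"
 },
 "devDependencies": {
 "should": "^7.1.1",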
