Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Using constructor as node ID results in errors #5451

Closed
Yash-Singh1 opened this issue Apr 10, 2024 · 1 comment · Fixed by #5468
Closed

[BUG] Using constructor as node ID results in errors #5451

Yash-Singh1 opened this issue Apr 10, 2024 · 1 comment · Fixed by #5468
Labels
Good first issue! Status: Approved Is ready to be worked on Type: Bug / Error Something isn't working or is incorrect

Comments

@Yash-Singh1
Copy link
Member

Description

When someone uses constructor or __proto__ as the node ID, then it results in errors since it overrides internal object properties. This isn't prototype pollution, this is just overriding these values can generate errors.

Steps to reproduce

  1. Create a flowchart
  2. Rename the ID to __proto__ or constructor

Screenshots

constructor

Screenshot 2024-04-09 at 8 53 18 PM

view fail TypeError: Cannot read properties of undefined (reading 'id')
    at index-fc10efb0.1MTf2mPJ.js:1:10564
    at Array.map (<anonymous>)
    at M (index-fc10efb0.1MTf2mPJ.js:1:9833)
    at bt (index-fc10efb0.1MTf2mPJ.js:1:11949)
    at Object.ae [as draw] (styles-3ed67cfa.CLmMmzON.js:2:1286)
    at async Object.render$1 [as render] (state.BobIb4kd.js:96:1687)

__proto__

Screenshot 2024-04-09 at 8 53 53 PM

view fail TypeError: Utils.channel.clamp[o] is not a function
    at change (state.BobIb4kd.js:15:10249)
    at adjust (state.BobIb4kd.js:15:11045)
    at new Theme$3 (state.BobIb4kd.js:19:14623)
    at Object.getThemeVariables$3 [as getThemeVariables] (state.BobIb4kd.js:19:27063)
    at Object.initialize$1 [as initialize] (state.BobIb4kd.js:96:2726)
    at Object.initialize (state.BobIb4kd.js:96:5750)
    at render (state.BobIb4kd.js:98:1461)
    at async gt (View.Cek2wZ8c.js:2:340)

Code Sample

flowchart TD
  __proto__ --> B

Setup

  • Mermaid version:
  • Browser and Version: [Chrome, Edge, Firefox]

Suggested Solutions

This should be a pretty simple fix by replacing usages of objects in the db files with Maps. However, I noticed that the classes are exported through the getClasses function on some of the diagrams. So, would switching to Map be considered a breaking change? Another option is to encode the keys before they are inserted into the objects.

Additional Context

No response

@Yash-Singh1 Yash-Singh1 added Type: Bug / Error Something isn't working or is incorrect Status: Triage Needs to be verified, categorized, etc labels Apr 10, 2024
@sidharthv96
Copy link
Member

@Yash-Singh1 we haven't released v11 yet, so breaking changes can go in. No issues.

@sidharthv96 sidharthv96 added Status: Approved Is ready to be worked on Good first issue! and removed Status: Triage Needs to be verified, categorized, etc labels Apr 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Good first issue! Status: Approved Is ready to be worked on Type: Bug / Error Something isn't working or is incorrect
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants