Skip to content

Commit 026bad8

Browse files
committed
security update
1 parent e640d1d commit 026bad8

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

src/core/exprify.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -485,7 +485,7 @@ class exprify {
485485
throw new Error('expand() could not identify variable');
486486
}
487487
const v = variableMatch[0];
488-
const cleaned = expr.replace(/\s+/g, '').replace(/"/g, '\\"');
488+
const cleaned = expr.replace(/\s+/g, '').replace(/\\/g, '\\\\').replace(/"/g, '\\"');
489489
const addStar = (/** @type {string} */ s) => s.replace(/(\d)([a-zA-Z_])/g, '$1*$2');
490490
const evalAt = (/** @type {number} */ x) =>
491491
this.evaluate(`substitute("${addStar(cleaned)}", "${v}", ${x})`);
@@ -663,7 +663,7 @@ class exprify {
663663
const variableMatch = cleaned.match(/[a-zA-Z_][a-zA-Z0-9_]*/);
664664
const v = variable || (variableMatch ? variableMatch[0] : 'x');
665665
const addStar = (/** @type {string} */ s) =>
666-
s.replace(/"/g, '\\"').replace(/(\d)([a-zA-Z_])/g, '$1*$2');
666+
s.replace(/\\/g, '\\\\').replace(/"/g, '\\"').replace(/(\d)([a-zA-Z_])/g, '$1*$2');
667667
const cleanedExpr = addStar(cleaned);
668668
const maxPower = 6;
669669
const vals = [];

0 commit comments

Comments
 (0)