13 changes: 7 additions & 6 deletions packages/core/src/serialization/ObjectCodec.ts
Expand Up @@ -108,7 +108,7 @@ import type Codec from './Codec';
* value-attribute.
*
* For example, the following array contains one atomic value and one object
* with a field called bar. Furthermore it contains two associative entries
* with a field called bar. Furthermore, it contains two associative entries
* called bar with an atomic value, and foo with an object value.
*
* ```javascript
Expand All @@ -135,7 +135,7 @@ import type Codec from './Codec';
* ### References
*
* Objects may be represented as child nodes or attributes with ID values,
* which are used to lookup the object in a table within {@link Codec}. The
* which are used to look up the object in a table within {@link Codec}. The
* {@link isReference} function is in charge of deciding if a specific field should
* be encoded as a reference or not. Its default implementation returns true if
* the field name is in {@link idrefs}, an array of strings that is used to configure
Expand All @@ -159,7 +159,7 @@ import type Codec from './Codec';
* In the case of a tree structure we must further avoid infinite recursion by
* ignoring the parent reference of each child. This is done by returning true
* in {@link isExcluded}, whose default implementation uses the array of excluded
* fieldnames passed to the ObjectCodec constructor.
* field names passed to the ObjectCodec constructor.
*
* References are only used for cells in mxGraph. For defining other
* referencable object types, the codec must be able to work out the ID of an
Expand All @@ -173,11 +173,11 @@ import type Codec from './Codec';
* For decoding JavaScript expressions, the add-node may be used with a text
* content that contains the JavaScript expression. For example, the following
* creates a field called foo in the enclosing object and assigns it the value
* of {@link Constants.ALIGN.LEFT}.
* of {@link ALIGN.LEFT}.
*
* ```javascript
* <Object>
* <add as="foo">Constants.ALIGN.LEFT</add>
* <add as="foo">constants.ALIGN.LEFT</add>
* </Object>
* ```
*
Expand Down Expand Up @@ -221,7 +221,8 @@ class ObjectCodec {
/**
* Static global switch that specifies if expressions in arrays are allowed.
*
* **NOTE**: Enabling this carries a possible security risk.
* **WARNING**: Enabling this switch carries a possible security risk.
*
* @default false
*/
static allowEval = false;
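Review bot: The warning added above `static allowEval = false` says there is a risk but not under which conditions the switch is safe to enable, whereas the StylesheetCodec.allowEval doc in this same change tells the reader to keep it off when the input may contain user input. Consider adding the same precondition here so the two siblings read consistently, e.g. `* Only enable this when the documents being decoded come from a fully trusted source.` The enclosing class ObjectCodec starts before this hunk and continues past it.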
3 changes: 3 additions & 0 deletions packages/core/src/serialization/codecs/StylesheetCodec.ts
Expand Up @@ -38,6 +38,9 @@ export class StylesheetCodec extends ObjectCodec {
/**
* Static global switch that specifies if the use of eval is allowed for evaluating text content.
* Set this to `false` if stylesheets may contain user input.
*
* **WARNING**: Enabling this switch carries a possible security risk.
*
* @default true
*/
static allowEval = true;
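Review bot: This is the only `allowEval` switch touched by this change whose default is `true`; ObjectCodec.allowEval, GraphView.allowEval and StencilShapeConfig.allowEval all default to `false`, so once the same warning is attached to all four, the permissive default here is the surprising one. If the default cannot change for compatibility, the doc should say so explicitly and tell callers when the flip has to happen, e.g. `* Unlike the other allowEval switches this defaults to true; set it to false before decoding any stylesheet that may contain user input.` The enclosing class StylesheetCodec starts before this hunk and continues past it.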
17 changes: 13 additions & 4 deletions packages/core/src/view/GraphView.ts
Expand Up @@ -132,10 +132,13 @@ export class GraphView extends EventSource {
updatingDocumentResource = TranslationsConfig.isEnabled() ? 'updatingDocument' : '';

/**
* Specifies if string values in cell styles should be evaluated using
* {@link eval}. This will only be used if the string values can't be mapped
* to objects using {@link StyleRegistry}. Default is false. NOTE: Enabling this
* switch carries a possible security risk.
* Specifies if string values in cell styles should be evaluated using {@link eval}.
*
* This will only be used if the string values can't be mapped to objects using {@link StyleRegistry} when resolving {@link CellStateStyle.edgeStyle} and {@link CellStateStyle.perimeter}.
*
* **WARNING**: Enabling this switch carries a possible security risk.
*
* @default false
*/
allowEval = false;

Expand Down Expand Up @@ -281,10 +284,16 @@ export class GraphView extends EventSource {
);
}

/**
* Returns {@link allowEval}.
*/
isAllowEval() {
return this.allowEval;
}

/**
* Sets {@link allowEval}.
*/
setAllowEval(value: boolean) {
this.allowEval = value;
}
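Review bot: `isAllowEval()` in the second hunk has no explicit return type while `setAllowEval(value: boolean)` types its parameter; public accessors should annotate the return so the body is checked against it, `isAllowEval(): boolean {`. The two new docstrings only say "Returns/Sets {@link allowEval}", and since the setter is where a caller turns the switch on it is worth repeating the precondition there, e.g. `* Sets {@link allowEval}. See the warning on that property before enabling it.` In the first hunk, the line naming edgeStyle and perimeter is one very long comment line; wrapping it like the surrounding text would keep the file's style. The enclosing class GraphView starts before both hunks and continues past them.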
3 changes: 3 additions & 0 deletions packages/core/src/view/geometry/node/StencilShape.ts
Expand Up @@ -44,6 +44,9 @@ export const StencilShapeConfig = {
/**
* Specifies if the use of eval is allowed for evaluating text content and images.
* Set this to `true` if stencils can not contain user input.
*
* **WARNING**: Enabling this switch carries a possible security risk.
*
* @default false
*/
allowEval: false,