mirror of
https://github.com/mermaid-js/mermaid.git
synced 2025-10-10 01:29:49 +02:00
diff --git a/src/dagre/position/bk.js b/src/dagre/position/bk.js
|
|
index d4aabdcef2c788873b799489cf27d48aaa0a2ee6..72beff8b3830f1e3241455400f68843888b60a06 100644
|
|
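--- a/src/dagre/position/bk.js
+++ b/src/dagre/position/bk.js
@@ -129,6 +129,16 @@ function findOtherInnerSegmentNode(g, v) {
 }
 }
 
+/**
+ * Check if a key is safe to use as an object property to prevent prototype pollution
+ * @param {*} key - The key to check
+ * @returns {boolean} - True if the key is safe, false otherwise
+ */
+function isSafeKey(key) {
+ // Reject prototype pollution vectors
+ return key !== '__proto__' && key !== 'constructor' && key !== 'prototype';
+}
+
 function addConflict(conflicts, v, w) {
 if (v > w) {
 var tmp = v;
@@ -136,6 +146,11 @@ function addConflict(conflicts, v, w) {
 w = tmp;
 }
 
+ // Validate keys to prevent prototype pollution
+ if (!isSafeKey(v) || !isSafeKey(w)) {
+ return;
+ }
+
 var conflictsV = conflicts[v];
 if (!conflictsV) {
 conflicts[v] = conflictsV = {};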
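Review bot: The three-name denylist in `isSafeKey` does not cover the lookup `var conflictsV = conflicts[v];` in `addConflict`, which still walks the prototype chain. A node id such as `toString` or `hasOwnProperty` resolves to an inherited function that passes the `!conflictsV` test, so whatever the rest of the body (outside this hunk) writes through `conflictsV` would presumably land on a shared built-in instead of the conflict map. An own-property test closes that class of keys without enumerating names: `var conflictsV = Object.prototype.hasOwnProperty.call(conflicts, v) ? conflicts[v] : undefined;` with `conflicts[v] = conflictsV = Object.create(null);`. The `__proto__` rejection should stay unless `conflicts` itself is created with `Object.create(null)` by its owner, which is not visible here. The early `return;` also silently drops a conflict for a graph whose node is legitimately named `constructor`, so a comment stating that trade-off, and the same guard on any code that reads `conflicts`, would help.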