@bpmn-io/form-js-editor 1.8.1 → 1.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/index.cjs +17 -2
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.es.js +17 -2
  4. package/dist/index.es.js.map +1 -1
  5. package/dist/types/features/properties-panel/Util.d.ts +4 -0
  6. package/package.json +2 -2
package/dist/index.cjs CHANGED
@@ -9001,6 +9001,14 @@ function textToLabel(text) {
9001
9001
  function isValidDotPath(path) {
9002
9002
  return /^\w+(\.\w+)*$/.test(path);
9003
9003
  }
9004
+
9005
+ /**
9006
+ * @param {string} path
9007
+ */
9008
+ function isProhibitedPath(path) {
9009
+ const prohibitedSegments = ['__proto__', 'prototype', 'constructor'];
9010
+ return path.split('.').some(segment => prohibitedSegments.includes(segment));
9011
+ }
9004
9012
  const LABELED_NON_INPUTS = ['button', 'group', 'dynamiclist', 'iframe', 'table'];
9005
9013
  const INPUTS = ['checkbox', 'checklist', 'datetime', 'number', 'radio', 'select', 'taglist', 'textfield', 'textarea'];
9006
9014
  const OPTIONS_INPUTS = ['checklist', 'radio', 'select', 'taglist'];
@@ -9940,6 +9948,9 @@ function Key$2(props) {
9940
9948
  if (hasIntegerPathSegment(value)) {
9941
9949
  return 'Must not contain numerical path segments.';
9942
9950
  }
9951
+ if (isProhibitedPath(value)) {
9952
+ return 'Must not be a prohibited path.';
9953
+ }
9943
9954
  const replacements = {
9944
9955
  [field.id]: value.split('.')
9945
9956
  };
@@ -10032,11 +10043,15 @@ function Path(props) {
10032
10043
  }
10033
10044
 
10034
10045
  // Check for integer segments in the path
10035
- const hasIntegerPathSegment = value.split('.').some(segment => /^\d+$/.test(segment));
10036
- if (hasIntegerPathSegment) {
10046
+ if (hasIntegerPathSegment(value)) {
10037
10047
  return 'Must not contain numerical path segments.';
10038
10048
  }
10039
10049
 
10050
+ // Check for special prohibited paths
10051
+ if (isProhibitedPath(value)) {
10052
+ return 'Must not be a prohibited path.';
10053
+ }
10054
+
10040
10055
  // Check for path collisions
10041
10056
  const options = {
10042
10057
  replacements: {