@bpmn-io/form-js-editor 1.8.1 → 1.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/index.cjs +17 -2
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.es.js +17 -2
  4. package/dist/index.es.js.map +1 -1
  5. package/dist/types/features/properties-panel/Util.d.ts +4 -0
  6. package/package.json +2 -2
package/dist/index.es.js CHANGED
@@ -8981,6 +8981,14 @@ function textToLabel(text) {
8981
8981
  function isValidDotPath(path) {
8982
8982
  return /^\w+(\.\w+)*$/.test(path);
8983
8983
  }
8984
+
8985
+ /**
8986
+ * @param {string} path
8987
+ */
8988
+ function isProhibitedPath(path) {
8989
+ const prohibitedSegments = ['__proto__', 'prototype', 'constructor'];
8990
+ return path.split('.').some(segment => prohibitedSegments.includes(segment));
8991
+ }
8984
8992
  const LABELED_NON_INPUTS = ['button', 'group', 'dynamiclist', 'iframe', 'table'];
8985
8993
  const INPUTS = ['checkbox', 'checklist', 'datetime', 'number', 'radio', 'select', 'taglist', 'textfield', 'textarea'];
8986
8994
  const OPTIONS_INPUTS = ['checklist', 'radio', 'select', 'taglist'];
@@ -9920,6 +9928,9 @@ function Key$2(props) {
9920
9928
  if (hasIntegerPathSegment(value)) {
9921
9929
  return 'Must not contain numerical path segments.';
9922
9930
  }
9931
+ if (isProhibitedPath(value)) {
9932
+ return 'Must not be a prohibited path.';
9933
+ }
9923
9934
  const replacements = {
9924
9935
  [field.id]: value.split('.')
9925
9936
  };
@@ -10012,11 +10023,15 @@ function Path(props) {
10012
10023
  }
10013
10024
 
10014
10025
  // Check for integer segments in the path
10015
- const hasIntegerPathSegment = value.split('.').some(segment => /^\d+$/.test(segment));
10016
- if (hasIntegerPathSegment) {
10026
+ if (hasIntegerPathSegment(value)) {
10017
10027
  return 'Must not contain numerical path segments.';
10018
10028
  }
10019
10029
 
10030
+ // Check for special prohibited paths
10031
+ if (isProhibitedPath(value)) {
10032
+ return 'Must not be a prohibited path.';
10033
+ }
10034
+
10020
10035
  // Check for path collisions
10021
10036
  const options = {
10022
10037
  replacements: {