@bpmn-io/form-js-editor 1.8.1 → 1.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +23 -7
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.es.js +23 -7
  4. package/dist/index.es.js.map +1 -1
  5. package/dist/types/features/properties-panel/Util.d.ts +4 -0
  6. package/dist/types/render/components/editor-form-fields/EditorExpressionField.d.ts +1 -0
  7. package/package.json +4 -3
package/dist/index.es.js CHANGED
@@ -1060,7 +1060,7 @@ function EditorHtml(props) {
1060
1060
  class: "fjs-form-field-placeholder",
1061
1061
  children: [jsx(Icon, {
1062
1062
  viewBox: "0 0 54 54"
1063
- }), "Html is empty"]
1063
+ }), "Html view is empty"]
1064
1064
  })
1065
1065
  });
1066
1066
  }
@@ -1071,7 +1071,7 @@ function EditorHtml(props) {
1071
1071
  class: "fjs-form-field-placeholder",
1072
1072
  children: [jsx(Icon, {
1073
1073
  viewBox: "0 0 54 54"
1074
- }), "Html is populated by an expression"]
1074
+ }), "Html view is populated by an expression"]
1075
1075
  })
1076
1076
  });
1077
1077
  }
@@ -1082,7 +1082,7 @@ function EditorHtml(props) {
1082
1082
  class: "fjs-form-field-placeholder",
1083
1083
  children: [jsx(Icon, {
1084
1084
  viewBox: "0 0 54 54"
1085
- }), "Html is templated"]
1085
+ }), "Html view is templated"]
1086
1086
  })
1087
1087
  });
1088
1088
  }
@@ -1163,13 +1163,14 @@ function EditorExpressionField(props) {
1163
1163
  field
1164
1164
  } = props;
1165
1165
  const {
1166
- expression = ''
1166
+ expression = '',
1167
+ key
1167
1168
  } = field;
1168
1169
  const Icon = iconsByType('expression');
1169
1170
  const expressionLanguage = useService$1('expressionLanguage');
1170
1171
  let placeholderContent = 'Expression is empty';
1171
1172
  if (expression.trim() && expressionLanguage.isExpression(expression)) {
1172
- placeholderContent = 'Expression';
1173
+ placeholderContent = `Expression for '${key}'`;
1173
1174
  }
1174
1175
  return jsx("div", {
1175
1176
  class: editorFormFieldClasses(type),
@@ -8981,6 +8982,14 @@ function textToLabel(text) {
8981
8982
  function isValidDotPath(path) {
8982
8983
  return /^\w+(\.\w+)*$/.test(path);
8983
8984
  }
8985
+
8986
+ /**
8987
+ * @param {string} path
8988
+ */
8989
+ function isProhibitedPath(path) {
8990
+ const prohibitedSegments = ['__proto__', 'prototype', 'constructor'];
8991
+ return path.split('.').some(segment => prohibitedSegments.includes(segment));
8992
+ }
8984
8993
  const LABELED_NON_INPUTS = ['button', 'group', 'dynamiclist', 'iframe', 'table'];
8985
8994
  const INPUTS = ['checkbox', 'checklist', 'datetime', 'number', 'radio', 'select', 'taglist', 'textfield', 'textarea'];
8986
8995
  const OPTIONS_INPUTS = ['checklist', 'radio', 'select', 'taglist'];
@@ -9920,6 +9929,9 @@ function Key$2(props) {
9920
9929
  if (hasIntegerPathSegment(value)) {
9921
9930
  return 'Must not contain numerical path segments.';
9922
9931
  }
9932
+ if (isProhibitedPath(value)) {
9933
+ return 'Must not be a prohibited path.';
9934
+ }
9923
9935
  const replacements = {
9924
9936
  [field.id]: value.split('.')
9925
9937
  };
@@ -10012,11 +10024,15 @@ function Path(props) {
10012
10024
  }
10013
10025
 
10014
10026
  // Check for integer segments in the path
10015
- const hasIntegerPathSegment = value.split('.').some(segment => /^\d+$/.test(segment));
10016
- if (hasIntegerPathSegment) {
10027
+ if (hasIntegerPathSegment(value)) {
10017
10028
  return 'Must not contain numerical path segments.';
10018
10029
  }
10019
10030
 
10031
+ // Check for special prohibited paths
10032
+ if (isProhibitedPath(value)) {
10033
+ return 'Must not be a prohibited path.';
10034
+ }
10035
+
10020
10036
  // Check for path collisions
10021
10037
  const options = {
10022
10038
  replacements: {