[BUG] Using `constructor` as node ID results in errors
Yash-Singh1 opened this issue · comments
Description
When someone uses constructor or __proto__ as the node ID, then it results in errors since it overrides internal object properties. This isn't prototype pollution, this is just overriding these values can generate errors.
Steps to reproduce
- Create a flowchart
- Rename the ID to
__proto__orconstructor
Screenshots
constructor
view fail TypeError: Cannot read properties of undefined (reading 'id')
at index-fc10efb0.1MTf2mPJ.js:1:10564
at Array.map (<anonymous>)
at M (index-fc10efb0.1MTf2mPJ.js:1:9833)
at bt (index-fc10efb0.1MTf2mPJ.js:1:11949)
at Object.ae [as draw] (styles-3ed67cfa.CLmMmzON.js:2:1286)
at async Object.render$1 [as render] (state.BobIb4kd.js:96:1687)
__proto__
view fail TypeError: Utils.channel.clamp[o] is not a function
at change (state.BobIb4kd.js:15:10249)
at adjust (state.BobIb4kd.js:15:11045)
at new Theme$3 (state.BobIb4kd.js:19:14623)
at Object.getThemeVariables$3 [as getThemeVariables] (state.BobIb4kd.js:19:27063)
at Object.initialize$1 [as initialize] (state.BobIb4kd.js:96:2726)
at Object.initialize (state.BobIb4kd.js:96:5750)
at render (state.BobIb4kd.js:98:1461)
at async gt (View.Cek2wZ8c.js:2:340)
Code Sample
flowchart TD
__proto__ --> B
Setup
- Mermaid version:
- Browser and Version: [Chrome, Edge, Firefox]
Suggested Solutions
This should be a pretty simple fix by replacing usages of objects in the db files with Maps. However, I noticed that the classes are exported through the getClasses function on some of the diagrams. So, would switching to Map be considered a breaking change? Another option is to encode the keys before they are inserted into the objects.
Additional Context
No response
@Yash-Singh1 we haven't released v11 yet, so breaking changes can go in. No issues.