From b0f0eb9ea991f4191d783430da5047f925a945cd Mon Sep 17 00:00:00 2001
From: omar abdelzaher sleam
Date: Wed, 5 Apr 2023 05:19:33 +0200
Subject: [PATCH] secure eval
---
 src/litegraph.js | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/litegraph.js b/src/litegraph.js
index b90de11ed..d6eb00a2d 100644
--- a/src/litegraph.js
+++ b/src/litegraph.js
@@ -9985,10 +9985,13 @@ LGraphNode.prototype.executeAction = function(action)
 var delta = x < 40 ? -1 : x > widget_width - 40 ? 1 : 0;
 if (event.click_time < 200 && delta == 0) {
 this.prompt("Value",w.value,function(v) {
- try {//solve the equation if possible
- v = eval(v);
- } catch (error) {
- }
+ this.prompt("Value",w.value,function(v) {
+ // check if v is a valid equation or a number
+ if (/^[0-9+\-*/()\s]+$/.test(v)) {
+ try {//solve the equation if possible
+ v = eval(v);
+ } catch (e) { }
+ }
 this.value = Number(v);
 inner_value_change(this, this.value);
 }.bind(w),
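Review bot: The added lines begin with a second `this.prompt("Value",w.value,function(v) {` directly under the unchanged one, and the hunk adds no matching closer, so as the patch reads the new side nests an unclosed prompt call; that added line looks accidental and should be dropped. The allowlist `/^[0-9+\-*/()\s]+$/` is now the only thing between prompt input and `eval`, so it deserves a comment such as `// security boundary: only digits, + - * / ( ) and whitespace may reach eval; do not widen without replacing eval`. The character class has no `.`, so an expression like `1.5*2` now skips evaluation and `Number(v)` yields NaN, which is then stored in `this.value`; a check such as `if (!Number.isFinite(Number(v))) return;` before the assignment would keep unparseable input out of the widget. The enclosing widget handler starts and ends outside the hunk.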