mirror of
https://github.com/Comfy-Org/ComfyUI_frontend.git
synced 2026-04-27 17:52:16 +00:00
## Summary

Replace `eval()` in `evaluateInput()` with a custom recursive descent math parser, eliminating a security concern and enabling the `no-eval` lint rule.

## Changes

- **New**: `mathParser.ts` — recursive descent parser for `+`, `-`, `*`, `/`, `%`, `()`, decimals, unary operators. Zero new dependencies.
- **Modified**: `widget.ts` — replaced `eval()` call with `evaluateMathExpression()`, use `isFinite()` instead of `isNaN()` to reject `Infinity`
- **Modified**: `.oxlintrc.json` — `no-eval` rule changed from `"off"` to `"error"`
- **Tests**: 59 parser tests + 23 integration tests covering complex expressions, edge cases, and invalid input

## Review Feedback Addressed

- Renamed `unit()` → `primary()` for clarity
- Added modulo (`%`) operator support
- Normalized negative zero to positive zero
- Added depth limit (200) for nested parentheses
- Used `isFinite()` instead of `isNaN()` to reject `Infinity`/`-Infinity`
- Added tests for edge-case number formats, unary-after-binary operators, modulo, depth limits, scientific/hex notation, and `Infinity`

Fixes #8032
Fixes #9272
Fixes #9273
Fixes #9274
Fixes #9275

┆Issue is synchronized with this [Notion page](https://www.notion.so/PR-9263-fix-Replace-eval-with-safe-math-expression-parser-3136d73d3650812f9f8dea21d1ea4f06) by [Unito](https://www.unito.io)
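The design the commit message describes (recursive descent over `+ - * / %`, parentheses, decimals and unary operators, with a nesting limit, negative-zero normalization and an `isFinite()` check) can be written as follows. This is an added example, not the project's `mathParser.ts`; `evaluateMath` and `MAX_DEPTH` are hypothetical names, and only the limit of 200 is taken from the description.

```typescript
// Added illustration; NOT the project's mathParser.ts. All names are hypothetical.
const MAX_DEPTH = 200 // nesting limit quoted in the PR description

function evaluateMath(input: string): number | undefined {
  // Tokens: decimal numbers, then any other non-space character on its own,
  // so an unexpected character fails parsing instead of being silently dropped.
  const tokens: string[] = input.match(/\d+\.?\d*|\.\d+|\S/g) ?? []
  let pos = 0, depth = 0
  function expression(): number { // term (('+' | '-') term)*
    let value = term()
    while (tokens[pos] === '+' || tokens[pos] === '-')
      value = tokens[pos++] === '+' ? value + term() : value - term()
    return value
  }
  function term(): number { // unary (('*' | '/' | '%') unary)*
    let value = unary()
    for (let op = tokens[pos]; op === '*' || op === '/' || op === '%'; op = tokens[pos]) {
      pos++
      const rhs = unary()
      value = op === '*' ? value * rhs : op === '/' ? value / rhs : value % rhs
    }
    return value
  }
  function unary(): number { // ('+' | '-') unary | primary
    if (tokens[pos] === '+') { pos++; return unary() }
    if (tokens[pos] === '-') { pos++; return -unary() }
    return primary()
  }
  function primary(): number { // number | '(' expression ')'
    const tok = tokens[pos++]
    if (tok === '(') {
      if (++depth > MAX_DEPTH) throw new SyntaxError('nesting too deep')
      const value = expression()
      if (tokens[pos++] !== ')') throw new SyntaxError("expected ')'")
      depth--
      return value
    }
    if (tok === undefined || !/^\.?\d/.test(tok)) throw new SyntaxError('expected a number')
    return Number(tok)
  }
  try {
    const value = expression()
    // Leftover tokens mean trailing garbage; isFinite also rejects NaN and ±Infinity.
    if (pos !== tokens.length || !isFinite(value)) return undefined
    return value === 0 ? 0 : value // -0 === 0 is true, so this normalizes negative zero
  } catch {
    return undefined
  }
}
```

Because the grammar has no production for identifiers, calls or property access, input such as `alert(1)` is a parse error here rather than something that reaches an interpreter.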