SystemSh0cker/monaco-editor
1
0
Fork 0
mirror of https://github.com/microsoft/monaco-editor.git synced 2025-12-22 17:25:39 +01:00
Code Issues Projects Releases Packages Activity

Update index.ts

Browse source
This commit is contained in:
Zeroday BYTE 2025-07-06 19:54:28 +07:00 committed by GitHub
parent f420968fc9
commit d5ed5318c1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
website/src/runner/index.ts
View file

@ -54,7 +54,9 @@ async function initialize(state: IPreviewState) {
const js = massageJs(state.js); const js = massageJs(state.js);
try { try {
eval(js); // CodeQL [SM01632] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground. // CodeQL [SM02688] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground. const sanitizedJs = sanitizeJs(js); // Sanitize the `js` input before execution.
const func = new Function(sanitizedJs); // Use `new Function` instead of `eval`.
func(); // Execute the sanitized JavaScript code.
} catch (err) { } catch (err) {
const pre = document.createElement("pre"); const pre = document.createElement("pre");
pre.appendChild( pre.appendChild(