✨ Added self, prompt and confirm to blocklist. Changed window usage c…

…ondition.
n8n-io · May 25, 2022 · 1b2efac · 1b2efac
1 parent 567f85d
commit 1b2efac
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/packages/workflow/src/Expression.ts b/packages/workflow/src/Expression.ts
@@ -122,7 +122,12 @@ export class Expression {
 		data.window = {};
 		data.Window = {};
 		data.this = {};
+		data.self = {};
+
+		// Alerts
 		data.alert = {};
+		data.prompt = {};
+		data.confirm = {};
 
 		// Prevent Remote Code Execution
 		data.eval = {};
@@ -144,12 +149,7 @@ export class Expression {
 
 		// Execute the expression
 		try {
-			if (
-				parameterValue.includes('window') &&
-				!/([a-zA-Z.]window|window[a-zA-Z]|['"](?!\s*[\\+\-*/|]+\s*)[^'"]*window)/g.test(
-					parameterValue,
-				)
-			) {
+			if (/([^a-zA-Z0-9"']window[^a-zA-Z0-9"'])/g.test(parameterValue)) {
 				throw new Error(`window is not allowed`);
 			}