Security: Fix code injection vulnerability (CodeQL #5)

## Description
A code injection vulnerability has been detected where unsanitized user input is evaluated as code, allowing for arbitrary code execution.

## Location
- File: lib/charts.js
- Line: 141

## Issue
User-provided input is being executed as code without proper sanitization, which could allow an attacker to inject and execute arbitrary code. This is a critical security vulnerability that could lead to remote code execution.

## Recommendation
To fix this issue:
1. Avoid evaluating user input as code whenever possible
2. If evaluation is necessary, implement strict validation and sanitization of the input
3. Use a sandbox or restricted execution environment
4. Consider JSON.parse() or other safer alternatives for parsing user input

## Severity
Critical - This vulnerability allows for arbitrary code execution, which is one of the most severe security risks.

## References
- [OWASP Code Injection](https://owasp.org/www-community/attacks/Code_Injection)
- [CWE-94: Improper Control of Generation of Code ('Code Injection')](https://cwe.mitre.org/data/definitions/94.html)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Fix code injection vulnerability (CodeQL #5) #22

Description

Location

Issue

Recommendation

Severity

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Security: Fix code injection vulnerability (CodeQL #5) #22

Description

Description

Location

Issue

Recommendation

Severity

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions