From 904a353bffd0aced84c6058041ca6648069187c2 Mon Sep 17 00:00:00 2001
From: the-djmaze <>
Date: Wed, 9 Oct 2024 21:35:34 +0200
Subject: [PATCH] Secure ko template bindings?

---
 vendors/knockout/src/binding/bindingProvider.js | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/vendors/knockout/src/binding/bindingProvider.js b/vendors/knockout/src/binding/bindingProvider.js
index 05120d2e3..eae03acca 100644
--- a/vendors/knockout/src/binding/bindingProvider.js
+++ b/vendors/knockout/src/binding/bindingProvider.js
@@ -36,6 +36,15 @@ ko.bindingProvider = new class
                     // For each scope variable, add an extra level of "with" nesting
                     // Example result: with(sc1) { with(sc0) { return (expression) } }
                     // Deprecated: with is no longer recommended
+/*
+                    functionBody = "$context = new Proxy(
+                        $context,
+                        {
+                            has:()=>true,
+                            get:(target,key)=>Reflect.has(target, key) ? target[key] : target['$data'][key]
+                        }
+                    );with($context){return{" + rewrittenBindings + "}}";
+*/
                     var rewrittenBindings = ko.expressionRewriting.preProcessBindings(bindingsString),
                         functionBody = "with($data){return{" + rewrittenBindings + "}}";
                     bindingFunction = new Function("$context", "$root", "$parent", "$data", "$element", functionBody);