From 7fd8f0dd6eca58b679b7b6590e1294bc4ad9c776 Mon Sep 17 00:00:00 2001
From: MorielHarush <93482738+MorielHarush@users.noreply.github.com>
Date: Tue, 10 Mar 2026 15:28:02 +0200
Subject: [PATCH] Deleted javascript engine to protect from RCE

---
 lib/engines.js | 24 ------------------------
 1 file changed, 24 deletions(-)

diff --git a/lib/engines.js b/lib/engines.js
index 38f993d..11b7f0a 100644
--- a/lib/engines.js
+++ b/lib/engines.js
@@ -28,27 +28,3 @@ engines.json = {
     return JSON.stringify(obj, opts.replacer, opts.space);
   }
 };
-
-/**
- * JavaScript
- */
-
-engines.javascript = {
-  parse: function parse(str, options, wrap) {
-    /* eslint no-eval: 0 */
-    try {
-      if (wrap !== false) {
-        str = '(function() {\nreturn ' + str.trim() + ';\n}());';
-      }
-      return eval(str) || {};
-    } catch (err) {
-      if (wrap !== false && /(unexpected|identifier)/i.test(err.message)) {
-        return parse(str, options, false);
-      }
-      throw new SyntaxError(err);
-    }
-  },
-  stringify: function() {
-    throw new Error('stringifying JavaScript is not supported');
-  }
-};