SEBA-457 Core xproto cleanup Change-Id: Ib99680dd81016694094a5c230afdf9dcf2cb307e

commit: 4839dec1bc3282349ef618f8721977895a443a0c [log] [tgz]
author: Scott Baker <smbaker@gmail.com> Wed Feb 27 16:50:37 2019 -0800
committer: Scott Baker <smbaker@gmail.com> Mon Mar 04 17:55:20 2019 -0800
tree: 38482ea244773c8a7965e0e8d2ff56f84e49d33a
parent: 00e22d63f2c96ccec7c3f0d58158aad3c60da812 [diff] [blame]
diff --git a/lib/xos-genx/xosgenx/jinja2_extensions/gui.py b/lib/xos-genx/xosgenx/jinja2_extensions/gui.py
index 245bbda..4cb644a 100644
--- a/lib/xos-genx/xosgenx/jinja2_extensions/gui.py
+++ b/lib/xos-genx/xosgenx/jinja2_extensions/gui.py

@@ -96,17 +96,23 @@
 
 
 def xproto_default_to_gui(default):
+    # TODO: Using `eval` here is potentially dangerous as it may allow code injection
     val = "null"
-    if is_number(default):
-        val = str(default)
-    elif eval(default) is True:
-        val = "true"
-    elif eval(default) is False:
-        val = "false"
-    elif eval(default) is None:
+    try:
+        if is_number(default):
+            val = str(default)
+        elif eval(default) is True:
+            val = "true"
+        elif eval(default) is False:
+            val = "false"
+        elif eval(default) is None:
+            val = "null"
+        else:
+            val = str(default)
+    except NameError:
+        # val was a function call, and we can't pass those to the GUI
         val = "null"
-    else:
-        val = str(default)
+
     return val
commit	4839dec1bc3282349ef618f8721977895a443a0c	[log] [tgz]
author	Scott Baker <smbaker@gmail.com>	Wed Feb 27 16:50:37 2019 -0800
committer	Scott Baker <smbaker@gmail.com>	Mon Mar 04 17:55:20 2019 -0800
tree	38482ea244773c8a7965e0e8d2ff56f84e49d33a
parent	00e22d63f2c96ccec7c3f0d58158aad3c60da812 [diff] [blame]