From 25588326157b6b9c7024664282cb517175a162d5 Mon Sep 17 00:00:00 2001
From: npt-1707 <npthanh132@gmail.com>
Date: Mon, 11 May 2026 07:39:20 +0700
Subject: [PATCH] public/dev/lib/chart.js/Chart.bundle.js: Avoid loading
 path-looking locales from fs

---
 public/dev/lib/chart.js/Chart.bundle.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/public/dev/lib/chart.js/Chart.bundle.js b/public/dev/lib/chart.js/Chart.bundle.js
index db74e2fef..d998dd39d 100644
--- a/public/dev/lib/chart.js/Chart.bundle.js
+++ b/public/dev/lib/chart.js/Chart.bundle.js
@@ -3501,11 +3501,17 @@ function chooseLocale(names) {
     return null;
 }
 
+function isLocaleNameSane(name) {
+    // Prevent names that look like filesystem paths, i.e contain '/' or '\'
+    return name.match('^[^/\\\\]*$') != null;
+}
+
 function loadLocale(name) {
     var oldLocale = null;
     // TODO: Find a better way to register and load all the locales in Node
     if (!locales[name] && (typeof module !== 'undefined') &&
-            module && module.exports) {
+            module && module.exports &&
+        	isLocaleNameSane(name)) {
         try {
             oldLocale = globalLocale._abbr;
             var aliasedRequire = require;