From 8ff81537f2cf078ea0626e497874fcdf10ed17c2 Mon Sep 17 00:00:00 2001
From: Masen Furer <m_github@0x26.net>
Date: Tue, 3 Dec 2024 11:25:16 -0800
Subject: [PATCH] use safer indirect eval

---
 reflex/.templates/web/utils/state.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reflex/.templates/web/utils/state.js b/reflex/.templates/web/utils/state.js
index 1d033daee..27d618e85 100644
--- a/reflex/.templates/web/utils/state.js
+++ b/reflex/.templates/web/utils/state.js
@@ -214,7 +214,7 @@ export const applyEvent = async (event, socket) => {
     a.href = event.payload.url;
     // Special case when linking to uploaded files
     if (a.href.includes("getBackendURL(env.UPLOAD)")) {
-      a.href = eval(
+      a.href = eval?.(
         event.payload.url.replace(
           "getBackendURL(env.UPLOAD)",
           `"${getBackendURL(env.UPLOAD)}"`