From a109d9a253bac6139789d798038b6fe9ce796da8 Mon Sep 17 00:00:00 2001
From: npt-1707
Date: Mon, 11 May 2026 06:01:58 +0700
Subject: [PATCH] static/plugins/chart.js/Chart.bundle.js: Avoid loading path-looking locales from fs
---
 static/plugins/chart.js/Chart.bundle.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/static/plugins/chart.js/Chart.bundle.js b/static/plugins/chart.js/Chart.bundle.js
index 59e2b962..118710ff 100644
--- a/static/plugins/chart.js/Chart.bundle.js
+++ b/static/plugins/chart.js/Chart.bundle.js
@@ -16550,11 +16550,17 @@ var moment = createCommonjsModule(function (module, exports) {
 return globalLocale;
 }
 
+ function isLocaleNameSane(name) {
+ // Prevent names that look like filesystem paths, i.e contain '/' or '\'
+ return name.match('^[^/\\\\]*$') != null;
+ }
+
 function loadLocale(name) {
 var oldLocale = null;
 // TODO: Find a better way to register and load all the locales in Node
 if (!locales[name] && ('object' !== 'undefined') &&
- module && module.exports) {
+ module && module.exports &&
+ isLocaleNameSane(name)) {
 try {
 oldLocale = globalLocale._abbr;
 var aliasedRequire = commonjsRequire;
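Review bot: `isLocaleNameSane` calls `name.match(...)` without checking that `name` is a string, and the call sits in the `if` condition of `loadLocale`, ahead of the `try`, so a null, undefined or numeric name would now raise a TypeError instead of simply skipping the load. I would make the guard total, e.g. `return typeof name === 'string' && name.match('^[^/\\\\]*$') != null;`. Whether any caller can actually pass a non-string is not visible here, since `loadLocale` continues past the end of the hunk. Separately, this is a hand edit to a vendored bundle and will be lost when `Chart.bundle.js` is regenerated or upgraded; a comment above the helper such as `// Local security patch: keep until the bundled moment is upgraded` would make that explicit, and the upgrade itself should be tracked.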