From 27e709912dc32ed60d99bfbe534f44e6c172b35a Mon Sep 17 00:00:00 2001
From: Braden MacDonald <braden@opencraft.com>
Date: Thu, 29 Jan 2026 07:39:48 -0800
Subject: [PATCH] fix: don't use eval() to parse OLX (#2848)

---
 src/editors/containers/ProblemEditor/data/OLXParser.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/editors/containers/ProblemEditor/data/OLXParser.js b/src/editors/containers/ProblemEditor/data/OLXParser.js
index 5fbb69374..68210f7ba 100644
--- a/src/editors/containers/ProblemEditor/data/OLXParser.js
+++ b/src/editors/containers/ProblemEditor/data/OLXParser.js
@@ -257,7 +257,7 @@ export class OLXParser {
         if (isComplexAnswer && preservedAnswer) {
           title = this.richTextBuilder.build(preservedAnswer);
         }
-        const correct = eval(element['@_correct'].toLowerCase());
+        const correct = element['@_correct'].toLowerCase() === 'true';
         const id = indexToLetterMap[index];
         const feedback = this.getAnswerFeedback(preservedFeedback, `${option}hint`);
         answers.push(
@@ -279,7 +279,7 @@ export class OLXParser {
       }
       const feedback = this.getAnswerFeedback(preservedFeedback, `${option}hint`);
       answers.push({
-        correct: eval(choice['@_correct'].toLowerCase()),
+        correct: choice['@_correct'].toLowerCase() === 'true',
         id: indexToLetterMap[answers.length],
         title,
         ...feedback,