From 772d5bae5a210791113c2b922c969a3e6ea20940 Mon Sep 17 00:00:00 2001
From: Janna Hopp <201101176+jannahopp@users.noreply.github.com>
Date: Mon, 23 Mar 2026 09:58:32 +0100
Subject: [PATCH] fix: remove eval() on user-supplied expressions in computed fields
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The _compute_field method in JsonCssExtractionStrategy called eval() on user-supplied "expression" strings, enabling remote code execution via crafted extraction schemas (reachable through MCP crawl tool). Replace the eval() branch with a warning log and default value return. The "function" path (Python callables) is preserved for programmatic SDK usage — it is not reachable via JSON/MCP input.
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 crawl4ai/extraction_strategy.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/crawl4ai/extraction_strategy.py b/crawl4ai/extraction_strategy.py
index 6be1c7c7b..13fee62cb 100644
--- a/crawl4ai/extraction_strategy.py
+++ b/crawl4ai/extraction_strategy.py
@@ -1227,7 +1227,12 @@ def _apply_transform(self, value, transform):
 def _compute_field(self, item, field):
 try:
 if "expression" in field:
- return eval(field["expression"], {}, item)
+ import logging
+ logging.getLogger(__name__).warning(
+ "Computed field expressions are disabled for security. "
+ "Use 'function' for programmatic access."
+ )
+ return field.get("default")
 elif "function" in field:
 return field["function"](item)
 except Exception as e:
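Review bot: The new `expression` branch degrades silently — every extracted item whose schema carries an `expression` key now logs one warning and yields `field.get("default")`, so a large crawl floods the log while callers receive output that looks valid but is not what the schema asked for; rejecting the key once when the schema is loaded (e.g. `raise ValueError("computed-field 'expression' is not supported; use 'function'")` in the schema validation path, outside this `try`) would surface the problem explicitly, or at minimum the warning should go through a module-level logger rather than `import logging` executed inside the method on each call. A comment above the branch such as `# eval() on schema-supplied expressions was removed (RCE via crafted schemas, incl. MCP input); do not reintroduce it` would keep a later refactor from restoring the original line. The commit message's claim that the `function` path is unreachable from JSON/MCP input is not enforced in code; a `callable(field["function"])` guard before the call would make that assumption explicit, though whether schemas can be deserialized into callables elsewhere is not visible in this hunk. The `except Exception as e:` body of `_compute_field` continues past the end of the hunk.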