From 90bb08a2793c7eaeff76b78ec9a7b5f4a833766f Mon Sep 17 00:00:00 2001
From: Safwan Samsudeen <safwansamsudeen.c@gmail.com>
Date: Thu, 5 Feb 2026 16:33:40 +0530
Subject: [PATCH] fix: use indirect eval

---
 frappe/public/js/frappe/utils/utils.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frappe/public/js/frappe/utils/utils.js b/frappe/public/js/frappe/utils/utils.js
index ce812868ad..5602b34bda 100644
--- a/frappe/public/js/frappe/utils/utils.js
+++ b/frappe/public/js/frappe/utils/utils.js
@@ -2197,7 +2197,7 @@ Object.assign(frappe.utils, {
 			if (parsed_value.match(/^[0-9+\-/*.() ]+$/)) {
 				// If it is a string containing operators
 				try {
-					return eval(parsed_value);
+					return (0, eval)(parsed_value);
 				} catch (e) {
 					// bad expression
 					return value;