Add security note for swal-function-param (#240)

Copilot · limonte · web-flow · commit dc30d5bb440d · 2026-02-26T13:21:54.000+02:00
* Initial plan

* Initial plan for security note

Co-authored-by: limonte &lt;6059356+limonte@users.noreply.github.com&gt;

* Add security note for swal-function-param in declarative templates docs

Co-authored-by: limonte &lt;6059356+limonte@users.noreply.github.com&gt;

* Revert bun.lock changes

Co-authored-by: limonte &lt;6059356+limonte@users.noreply.github.com&gt;

---------

Co-authored-by: copilot-swe-agent[bot] &lt;198982749+Copilot@users.noreply.github.com&gt;
Co-authored-by: limonte &lt;6059356+limonte@users.noreply.github.com&gt;
diff --git a/src/components/DeclarativeTemplates.tsx b/src/components/DeclarativeTemplates.tsx
@@ -113,6 +113,11 @@ export function DeclarativeTemplates() {
           language="xml"
           withoutCodepen
         />
+        <p className="center">
+          [Security] The <strong>value</strong> attribute of <strong>swal-function-param</strong> is evaluated using{' '}
+          <code>new Function()</code>, which behaves like <code>eval()</code>. Only use{' '}
+          <strong>swal-function-param</strong> with trusted template content.
+        </p>
       </div>
 
       <div className="center-container mobile-hidden">
