Skip to content

Commit a9a62a3

Browse files
masenfadhami3310
masenf
authored and
adhami3310
committed
Restrict update_vars_internal to browser storage vars
Only allow reflex API event `update_vars_internal` to update vars associated with client storage values.
1 parent 9db9388 commit a9a62a3

File tree

1 file changed

+27
-6
lines changed

1 file changed

+27
-6
lines changed

reflex/state.py

Lines changed: 27 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1396,17 +1396,37 @@ def reset(self):
13961396
for substate in self.substates.values():
13971397
substate.reset()
13981398

1399+
@classmethod
1400+
@functools.lru_cache
1401+
def _is_client_storage(cls, prop_name_or_field: str | ModelField) -> bool:
1402+
"""Check if the var is a client storage var.
1403+
1404+
Args:
1405+
prop_name_or_field: The name of the var or the field itself.
1406+
1407+
Returns:
1408+
Whether the var is a client storage var.
1409+
"""
1410+
if isinstance(prop_name_or_field, str):
1411+
field = cls.get_fields().get(prop_name_or_field)
1412+
else:
1413+
field = prop_name_or_field
1414+
return field is not None and (
1415+
isinstance(field.default, ClientStorageBase)
1416+
or (
1417+
isinstance(field.type_, type)
1418+
and issubclass(field.type_, ClientStorageBase)
1419+
)
1420+
)
1421+
13991422
def _reset_client_storage(self):
14001423
"""Reset client storage base vars to their default values."""
14011424
# Client-side storage is reset during hydrate so that clearing cookies
14021425
# on the browser also resets the values on the backend.
14031426
fields = self.get_fields()
14041427
for prop_name in self.base_vars:
14051428
field = fields[prop_name]
1406-
if isinstance(field.default, ClientStorageBase) or (
1407-
isinstance(field.type_, type)
1408-
and issubclass(field.type_, ClientStorageBase)
1409-
):
1429+
if self._is_client_storage(field):
14101430
setattr(self, prop_name, copy.deepcopy(field.default))
14111431

14121432
# Recursively reset the substate client storage.
@@ -2342,8 +2362,9 @@ async def update_vars_internal(self, vars: dict[str, Any]) -> None:
23422362
for var, value in vars.items():
23432363
state_name, _, var_name = var.rpartition(".")
23442364
var_state_cls = State.get_class_substate(state_name)
2345-
var_state = await self.get_state(var_state_cls)
2346-
setattr(var_state, var_name, value)
2365+
if var_state_cls._is_client_storage(var_name):
2366+
var_state = await self.get_state(var_state_cls)
2367+
setattr(var_state, var_name, value)
23472368

23482369

23492370
class OnLoadInternalState(State):

0 commit comments

Comments
 (0)