I am not using Home Assistant. Or: a developer has told me to come here.
I have checked the troubleshooting section and my problem is not described there.
I have read the changelog and my problem is not mentioned there.
Deploy method
PKG executable
Z-Wave JS UI version
9.29.1
ZwaveJS version
14.3.7
Describe the bug
When attempting a search query in the Zniffer search field, I was able to apparently execute some JS code that modified the Type field for all frames.
Screenshot before search:
Enter search query frame.type = "foobar" (my original query was frame.type = "ExplorerInclusionRequest", but that is more dramatic), and the type field of all messages has been replaced; apparently it has attempted to convert the string to an enum:
To Reproduce
Enter a search term in the field that could modify something, like frame.type = "foobar". You can basically modify any of the frame fields.
Expected behavior
The search term should not modify anything in the capture.
Preferably the search should be sanitized and validate the input, preventing any kind of code execution.
Additional context
Refreshing the web browser reloads the original content so it's only temporary.
LOL, that's because that function is actually passed to a JS filter. You should use == or === instead, but I agree I should prevent it from changing data.
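An added illustration of the behaviour discussed in this thread (not code from Z-Wave JS UI or from either participant): it assumes the search text is compiled into a filter callback, as the comment above suggests, and shows the assignment rewriting a constructed capture next to a matcher that accepts only frame.<field> <op> <literal> clauses and never evaluates the text. All function names and sample frames are hypothetical.

```javascript
// Added illustration, not Z-Wave JS UI code; all names and frames are constructed.
function sampleFrames() {
  return [
    { type: "Singlecast", homeId: "e1b2c3d4", rssi: -71 },
    { type: "ExplorerInclusionRequest", homeId: "e1b2c3d4", rssi: -80 },
  ];
}

// Assumed shape of the bug: the query text becomes the body of a filter callback.
// `frame.type = "foobar"` is an assignment whose value is truthy, so every frame
// "matches" and every frame is overwritten.
function naiveSearch(frames, query) {
  const predicate = new Function("frame", `return (${query});`);
  return frames.filter((f) => predicate(f));
}

// Hardened: the query is parsed, never evaluated. Only comparison operators and
// string/number literals are accepted; anything else (including `=`) is rejected.
const CLAUSE =
  /^frame\.([A-Za-z_]\w*)\s*(===|!==|==|!=|<=|>=|<|>)\s*("(?:[^"\\]|\\.)*"|-?\d+(?:\.\d+)?)$/;
const OPS = {
  "===": (a, b) => a === b, "==": (a, b) => a === b, // no loose coercion
  "!==": (a, b) => a !== b, "!=": (a, b) => a !== b,
  "<": (a, b) => a < b, ">": (a, b) => a > b,
  "<=": (a, b) => a <= b, ">=": (a, b) => a >= b,
};

// Clauses are joined with &&. A literal containing "&&" fails to parse (fails closed).
function parseQuery(query) {
  return query.split("&&").map((part) => {
    const m = CLAUSE.exec(part.trim());
    if (!m) throw new SyntaxError(`unsupported search clause: ${part.trim()}`);
    return { field: m[1], op: OPS[m[2]], value: JSON.parse(m[3]) };
  });
}

function safeSearch(frames, query) {
  const clauses = parseQuery(query);
  const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
  return frames.filter((f) =>
    clauses.every((c) => has(f, c.field) && c.op(f[c.field], c.value)));
}

const demo = sampleFrames();
naiveSearch(demo, 'frame.type = "foobar"');
console.log("after naive search:", demo.map((f) => f.type));
```

Freezing or copying the frames before filtering would stop the mutation but would still run arbitrary expressions from the search box, which is why the sketch parses a small grammar instead.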