KnockoutJS secure bindings using Proxy

vendors/knockout/build/output/knockout-latest.debug.js

@@ -1618,6 +1618,7 @@ ko.bindingProvider = new class
             try {
                 let cacheKey = bindingsString,
                     bindingFunction = bindingCache.get(cacheKey);
+/*
                 if (!bindingFunction) {
                     // Build the source for a function that evaluates "expression"
                     // For each scope variable, add an extra level of "with" nesting
@@ -1631,6 +1632,23 @@ ko.bindingProvider = new class
                 return bindingFunction(bindingContext,
                     bindingContext["$root"], bindingContext["$parent"], bindingContext["$data"] || {}, node
                 );
+*/
+                if (!bindingFunction) {
+                    // Build the source for a function that evaluates "expression"
+                    // Use one "with" that has one secure scope handling Proxy
+                    // Deprecated: with is no longer recommended
+                    var rewrittenBindings = ko.expressionRewriting.preProcessBindings(bindingsString),
+                        functionBody = "$context = new Proxy(\
+                            $context,\
+                            {\
+                                has: () => true,\
+                                get: (target, key) => target[key] || target['$data'][key]\
+                            }\
+                        );with($context){return{" + rewrittenBindings + "}}";
+                    bindingFunction = new Function("$context", functionBody);
+                    bindingCache.set(cacheKey, bindingFunction);
+                }
+                return bindingFunction(bindingContext);
             } catch (ex) {
                 ex.message = "Unable to parse bindings.\nBindings value: " + bindingsString
                     + "\nMessage: " + ex.message;