marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-11-19 12:14:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3334 from mermaid-js/sidv/fixDoc

Browse Source 
Add `sandbox` to `securityLevel` docs
This commit is contained in:
Knut Sveidqvist
2022-08-23 20:10:06 +02:00
committed by GitHub
parent c50745323a 248a7aff7a
commit 11809e799b
6 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/defaultConfig.js
View File

@@ -64,9 +64,9 @@ const config = {
logLevel: 5,
/**
* | Parameter | Description | Type | Required | Values |
* | ------------- | --------------------------------- | ------ | -------- | ------------------------------- |
* | securitylevel | Level of trust for parsed diagram | string | Required | 'strict', 'loose', 'antiscript' |
* | Parameter | Description | Type | Required | Values |
* | ------------- | --------------------------------- | ------ | -------- | ------------------------------------------ |
* | securityLevel | Level of trust for parsed diagram | string | Required | 'sandbox', 'strict', 'loose', 'antiscript' |
*
* **Notes**:
*
@@ -74,6 +74,9 @@ const config = {
* - **loose**: tags in text are allowed, click functionality is enabled
* - **antiscript**: html tags in text are allowed, (only script element is removed), click
* functionality is enabled
* - **sandbox**: With this security level all rendering takes place in a sandboxed iframe. This
* prevent any JavaScript from running in the context. This may hinder interactive functionality
* of the diagram like scripts, popups in sequence diagram or links to other tabs/targets etc.
*/
securityLevel: 'strict',

2
src/mermaidAPI.js
View File

@@ -141,7 +141,7 @@ export const decodeEntities = function (text) {
* @param {any} _txt The graph definition
* @param {any} cb Callback which is called after rendering is finished with the svg code as inparam.
* @param {any} container Selector to element in which a div with the graph temporarily will be
* inserted. In one is provided a hidden div will be inserted in the body of the page instead. The
* inserted. If one is provided a hidden div will be inserted in the body of the page instead. The
* element will be removed when rendering is completed.
* @returns {any}
*/