From 2a9eb7f1238819d92ba3bd336a1916cbabc819b4 Mon Sep 17 00:00:00 2001
From: Harshit Anand <harshitanand283@gmail.com>
Date: Mon, 9 Oct 2023 21:13:53 +0530
Subject: [PATCH] fix: target blank removed from anchor tag

---
 packages/mermaid/src/diagrams/common/common.ts | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/packages/mermaid/src/diagrams/common/common.ts b/packages/mermaid/src/diagrams/common/common.ts
index e0ca2929d..25c6250a9 100644
--- a/packages/mermaid/src/diagrams/common/common.ts
+++ b/packages/mermaid/src/diagrams/common/common.ts
@@ -28,6 +28,21 @@ export const removeScript = (txt: string): string => {
   return DOMPurify.sanitize(txt);
 };
 
+DOMPurify.addHook('afterSanitizeAttributes', function (node) {
+  // set all elements owning target to target=_blank
+  if ('target' in node) {
+    node.setAttribute('target', '_blank');
+    node.setAttribute('rel', 'noopener noreferrer');
+  }
+  // set non-HTML/MathML links to xlink:show=new
+  if (
+    !node.hasAttribute('target') &&
+    (node.hasAttribute('xlink:href') || node.hasAttribute('href'))
+  ) {
+    node.setAttribute('xlink:show', 'new');
+  }
+});
+
 const sanitizeMore = (text: string, config: MermaidConfig) => {
   if (config.flowchart?.htmlLabels !== false) {
     const level = config.securityLevel;