marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-09-13 20:39:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

#2170 Adding dompurify

Browse Source
This commit is contained in:
Knut Sveidqvist
2021-07-05 10:21:11 +02:00
parent 1310619848
commit 2f73fd3a9d
2 changed files with 5 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/Setup.md
View File

@@ -1110,7 +1110,7 @@ mermaidAPI.initialize({
<script> <script>
var config = { var config = {
theme:'default', theme:'default',
logLevel: 5, // corresponds with "fatal" logLevel:'fatal',
securityLevel:'strict', securityLevel:'strict',
startOnLoad:true, startOnLoad:true,
arrowMarkerAbsolute:false, arrowMarkerAbsolute:false,

28
src/diagrams/common/common.js
View File

@@ -1,3 +1,5 @@
import DOMPurify from 'dompurify';
export const getRows = s => { export const getRows = s => {
if (!s) return 1; if (!s) return 1;
let str = breakToPlaceholder(s); let str = breakToPlaceholder(s);
@@ -34,30 +36,8 @@ export const removeScript = txt => {
return rs; return rs;
}; };
export const sanitizeText = (text, config) => { export const sanitizeText = text => {
let txt = text; const txt = DOMPurify.sanitize(text);
let htmlLabels = true;
if (
config.flowchart &&
(config.flowchart.htmlLabels === false || config.flowchart.htmlLabels === 'false')
) {
htmlLabels = false;
}
if (htmlLabels) {
const level = config.securityLevel;
if (level === 'antiscript') {
txt = removeScript(txt);
} else if (level !== 'loose') {
// eslint-disable-line
txt = breakToPlaceholder(txt);
txt = txt.replace(/</g, '&lt;').replace(/>/g, '&gt;');
txt = txt.replace(/=/g, '&equals;');
txt = placeholderToBreak(txt);
}
}
return txt; return txt;
}; };