e2e test for stricter security in mermaid

e2e/platform/viewer.js

@@ -1,4 +1,5 @@
 import { Base64 } from 'js-base64'
+import mermaid from '../../dist/mermaid.core'
 
 /**
  * ##contentLoaded
@@ -22,6 +23,29 @@ const contentLoaded = function () {
     global.mermaid.init()
   }
 }
+const contentLoadedApi = function () {
+  let pos = document.location.href.indexOf('?graph=')
+  if (pos > 0) {
+    pos = pos + 7
+    const graphBase64 = document.location.href.substr(pos)
+    const graphObj = JSON.parse(Base64.decode(graphBase64))
+    // const graph = 'hello'
+    console.log(graphObj)
+    const div = document.createElement('div')
+    div.id = 'block'
+    div.className = 'mermaid'
+    // div.innerHTML = graphObj.code
+    document.getElementsByTagName('body')[0].appendChild(div)
+    global.mermaid.initialize(graphObj.mermaid)
+    console.log('apa')
+
+    mermaid.render('newid', graphObj.code, (svgCode, bindFunctions) => {
+      div.innerHTML = svgCode
+
+      bindFunctions(div)
+    }, div)
+  }
+}
 
 if (typeof document !== 'undefined') {
   /*!
@@ -30,7 +54,12 @@ if (typeof document !== 'undefined') {
   window.addEventListener(
     'load',
     function () {
-      contentLoaded()
+      if (this.location.href.match('xss.html')) {
+        this.console.log('Using api')
+        contentLoadedApi()
+      } else {
+        contentLoaded()
+      }
     },
     false
   )