mirror of
https://github.com/mermaid-js/mermaid.git
synced 2025-09-25 10:20:06 +02:00
Merge branch 'release/8.13.1' into develop
@@ -29,10 +29,11 @@ export const removeScript = (txt) => {
|
||||
}
|
||||
}
|
||||
|
||||
rs = rs.replace(/javascript:/g, '#');
|
||||
rs = rs.replace(/onerror=/g, 'onerror:');
|
||||
rs = rs.replace(/<iframe/g, '');
|
||||
|
||||
rs = rs.replace(/script>/gi, '#');
|
||||
rs = rs.replace(/script>/gi, '#');
|
||||
rs = rs.replace(/javascript:/gi, '#');
|
||||
rs = rs.replace(/onerror=/gi, 'onerror:');
|
||||
rs = rs.replace(/<iframe/gi, '');
|
||||
return rs;
|
||||
};
|
||||
|
||||
@@ -64,7 +65,10 @@ const sanitizeMore = (text, config) => {
|
||||
};
|
||||
|
||||
export const sanitizeText = (text, config) => {
|
||||
const txt = sanitizeMore(DOMPurify.sanitize(text), config);
|
||||
const level = config.securityLevel;
|
||||
console.log('security level', level);
|
||||
if (!text) return text;
|
||||
const txt = DOMPurify.sanitize(sanitizeMore(text, config));
|
||||
return txt;
|
||||
};
|
||||
|
||||
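Review bot: `console.log('security level', level);` in `sanitizeText` reads like a debugging leftover: it prints on every sanitised label, and `level` is not used for anything else in the visible lines, so both lines can go. `config.securityLevel` is also read before the `if (!text) return text;` guard, so a caller that passes no config would throw even for empty text; putting the guard first avoids that. The reordering to `DOMPurify.sanitize(sanitizeMore(text, config))` makes DOMPurify the final step, which deserves a comment such as `// DOMPurify runs last: nothing may rewrite its output afterwards`. The literal-token replacements in `removeScript` (first hunk) are a denylist and should not be mistaken for the actual control.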
|
@@ -112,7 +112,7 @@ describe('[Singlenodes] when parsing', () => {
|
||||
expect(vert['a'].type).toBe('diamond');
|
||||
});
|
||||
|
||||
it('should handle a single diamond node with html in it', function() {
|
||||
it('should handle a single diamond node with html in it (SN3)', function() {
|
||||
// Silly but syntactically correct
|
||||
const res = flow.parser.parse('graph TD;a{A <br> end};');
|
||||
|
||||
@@ -121,7 +121,7 @@ describe('[Singlenodes] when parsing', () => {
|
||||
|
||||
expect(edges.length).toBe(0);
|
||||
expect(vert['a'].type).toBe('diamond');
|
||||
expect(vert['a'].text).toBe('A <br/> end');
|
||||
expect(vert['a'].text).toBe('A <br> end');
|
||||
});
|
||||
|
||||
it('should handle a single hexagon node', function() {
|
||||
@@ -144,7 +144,7 @@ describe('[Singlenodes] when parsing', () => {
|
||||
|
||||
expect(edges.length).toBe(0);
|
||||
expect(vert['a'].type).toBe('hexagon');
|
||||
expect(vert['a'].text).toBe('A <br/> end');
|
||||
expect(vert['a'].text).toBe('A <br> end');
|
||||
});
|
||||
|
||||
it('should handle a single round node with html in it', function() {
|
||||
@@ -156,7 +156,7 @@ describe('[Singlenodes] when parsing', () => {
|
||||
|
||||
expect(edges.length).toBe(0);
|
||||
expect(vert['a'].type).toBe('round');
|
||||
expect(vert['a'].text).toBe('A <br/> end');
|
||||
expect(vert['a'].text).toBe('A <br> end');
|
||||
});
|
||||
|
||||
it('should handle a single node with alphanumerics starting on a char', function() {
|
||||
|
@@ -328,7 +328,7 @@ describe('[Text] when parsing', () => {
|
||||
const edges = flow.parser.yy.getEdges();
|
||||
|
||||
expect(vert['C'].type).toBe('round');
|
||||
expect(vert['C'].text).toBe('Chimpansen hoppar åäö <br/> - ÅÄÖ');
|
||||
expect(vert['C'].text).toBe('Chimpansen hoppar åäö <br> - ÅÄÖ');
|
||||
});
|
||||
// xit('it should handle åäö, minus and space and br',function(){
|
||||
// const res = flow.parser.parse('graph TD; A[Object(foo,bar)]-->B(Thing);');
|
||||
|
@@ -1,10 +1,10 @@
|
||||
import { log } from '../../logger';
|
||||
import { generateId } from '../../utils';
|
||||
import mermaidAPI from '../../mermaidAPI';
|
||||
import common from '../common/common';
|
||||
import * as configApi from '../../config';
|
||||
|
||||
const clone = (o) => JSON.parse(JSON.stringify(o));
|
||||
|
||||
let rootDoc = [];
|
||||
|
||||
export const parseDirective = function (statement, context, type) {
|
||||
@@ -148,7 +148,13 @@ export const addState = function (id, type, doc, descr, note) {
|
||||
}
|
||||
}
|
||||
|
||||
if (note) currentDocument.states[id].note = note;
|
||||
if (note) {
|
||||
currentDocument.states[id].note = note;
|
||||
currentDocument.states[id].note.text = common.sanitizeText(
|
||||
currentDocument.states[id].note.text,
|
||||
configApi.getConfig()
|
||||
);
|
||||
}
|
||||
};
|
||||
|
||||
export const clear = function () {
|
||||
@@ -195,7 +201,11 @@ export const addRelation = function (_id1, _id2, title) {
|
||||
}
|
||||
addState(id1, type1);
|
||||
addState(id2, type2);
|
||||
currentDocument.relations.push({ id1, id2, title: title });
|
||||
currentDocument.relations.push({
|
||||
id1,
|
||||
id2,
|
||||
title: common.sanitizeText(title, configApi.getConfig()),
|
||||
});
|
||||
};
|
||||
|
||||
const addDescription = function (id, _descr) {
|
||||
@@ -204,8 +214,7 @@ const addDescription = function (id, _descr) {
|
||||
if (descr[0] === ':') {
|
||||
descr = descr.substr(1).trim();
|
||||
}
|
||||
|
||||
theState.descriptions.push(descr);
|
||||
theState.descriptions.push(common.sanitizeText(descr, configApi.getConfig()));
|
||||
};
|
||||
|
||||
export const cleanupLabel = function (label) {
|
||||
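Review bot: Nothing in this file section documents which stored fields are sanitised. After this change `note.text`, the relation `title` and each pushed description are stored already passed through `common.sanitizeText`, while state ids are stored raw and, on this page, are only sanitised later in the renderer's `setupNode`. A short comment on `addState`, `addRelation` and `addDescription`, for example `// stored sanitised via common.sanitizeText; ids are stored raw`, would tell the next renderer author which values still need sanitising before they are inserted. In `addState` the new code also rewrites `text` on the caller's `note` object in place; if nothing relies on that aliasing, a copy such as `{ ...note, text: common.sanitizeText(note.text, configApi.getConfig()) }` avoids mutating the parser's value. All three function bodies start outside the hunks shown.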
|
@@ -3,10 +3,10 @@ import { select } from 'd3';
|
||||
import stateDb from './stateDb';
|
||||
import state from './parser/stateDiagram';
|
||||
import { getConfig } from '../../config';
|
||||
// import { evaluate } from '../common/common';
|
||||
import { render } from '../../dagre-wrapper/index.js';
|
||||
import { log } from '../../logger';
|
||||
import { configureSvgSize } from '../../utils';
|
||||
import common from '../common/common';
|
||||
|
||||
const conf = {};
|
||||
export const setConf = function (cnf) {
|
||||
@@ -51,7 +51,7 @@ const setupNode = (g, parent, node, altFlag) => {
|
||||
nodeDb[node.id] = {
|
||||
id: node.id,
|
||||
shape,
|
||||
description: node.id,
|
||||
description: common.sanitizeText(node.id, getConfig()),
|
||||
classes: 'statediagram-state',
|
||||
};
|
||||
}
|
||||
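Review bot: Only `description` is sanitised in this `nodeDb` entry; `id: node.id` and the `nodeDb[node.id]` key two lines above still carry the raw value. `common.sanitizeText` targets HTML content, which is not the same as being safe for an element id or a selector. If `id` reaches the DOM later in `setupNode` it needs its own escaping, but the function continues outside the hunk, so that is not visible here. A comment on the entry, e.g. `// id is raw; description is sanitised for HTML label output`, would make the distinction explicit.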
|