marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-12-02 02:24:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Sanitizsation of incoming variables that are added to the userStyles

Browse Source
This commit is contained in:
Knut Sveidqvist
2022-06-21 21:46:37 +02:00
parent ec2da8e85d
commit 610f154c74
3 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/mermaidAPI.js
View File

@@ -385,6 +385,8 @@ const render = function (id, _txt, cb, container) {
let userStyles = '';
// user provided theme CSS
// If you add more configuration driven data into the user styles make sure that the value is
// sanitized bye the santiizeCSS function
if (cnf.themeCSS !== undefined) {
userStyles += `\n${cnf.themeCSS}`;
}

8
src/utils.js
View File

@@ -1032,6 +1032,14 @@ export const directiveSanitizer = (args) => {
log.debug('sanitizing themeCss option');
args[key] = sanitizeCss(args[key]);
}
if (key.indexOf('fontFamily') >= 0) {
log.debug('sanitizing fontFamily option');
args[key] = sanitizeCss(args[key]);
}
if (key.indexOf('altFontFamily') >= 0) {
log.debug('sanitizing altFontFamily option');
args[key] = sanitizeCss(args[key]);
}
if (configKeys.indexOf(key) < 0) {
log.debug('sanitize deleting option', key);
delete args[key];