#2209 Combining sanitasion approaches

2025-09-21 00:09:51 +02:00 · 2021-07-29 18:05:13 +02:00
parent 52b1b23d47
commit 69a1bb99ac
2 changed files with 33 additions and 11 deletions
--- a/src/diagrams/common/common.js
+++ b/src/diagrams/common/common.js
@@ -36,8 +36,36 @@ export const removeScript = (txt) => {
  return rs;
 };

+const sanitizeMore = (text, config) => {
+  let txt = text;
+  let htmlLabels = true;
+  if (
+    config.flowchart &&
+    (config.flowchart.htmlLabels === false || config.flowchart.htmlLabels === 'false')
+  ) {
+    htmlLabels = false;
+  }
+
+  if (htmlLabels) {
+    const level = config.securityLevel;
+
+    if (level === 'antiscript') {
+      txt = removeScript(txt);
+    } else if (level !== 'loose') {
+      // eslint-disable-line
+      txt = breakToPlaceholder(txt);
+      txt = txt.replace(/</g, '&lt;').replace(/>/g, '&gt;');
+      txt = txt.replace(/=/g, '&equals;');
+      txt = placeholderToBreak(txt);
+    }
+  }
+
+  return txt;
+};
+
 export const sanitizeText = (text) => {
-  const txt = DOMPurify.sanitize(text);
+  const txt = sanitizeMore(DOMPurify.sanitize(text));
+
  return txt;
 };