marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-09-21 08:19:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

#901 Fixed the issue with multiple calls to bind the click functions. Also sanitized the tooltips so that no tags are allowed in them for (#847).

Browse Source
This commit is contained in:
knsv
2019-08-11 03:26:44 -07:00
parent a6f21c2b91
commit 7b335fb62e
5 changed files with 41 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/diagrams/flowchart/flowDb.js
View File

@@ -18,7 +18,7 @@ let funs = []
const sanitize = text => {
let txt = text
if (config.securityLevel === 'strict') {
if (config.securityLevel !== 'loose') {
txt = txt.replace(/<br>/g, '#br#')
txt = txt.replace(/<br\S*?\/>/g, '#br#')
txt = txt.replace(/</g, '&lt;').replace(/>/g, '&gt;')
@@ -182,13 +182,13 @@ export const setClass = function (ids, className) {
const setTooltip = function (ids, tooltip) {
ids.split(',').forEach(function (id) {
if (typeof tooltip !== 'undefined') {
tooltips[id] = tooltip
tooltips[id] = sanitize(tooltip)
}
})
}
const setClickFun = function (id, functionName) {
if (config.securityLevel === 'strict') {
if (config.securityLevel !== 'loose') {
return
}
if (typeof functionName === 'undefined') {
@@ -215,7 +215,7 @@ const setClickFun = function (id, functionName) {
export const setLink = function (ids, linkStr, tooltip) {
ids.split(',').forEach(function (id) {
if (typeof vertices[id] !== 'undefined') {
if (config.securityLevel === 'strict') {
if (config.securityLevel !== 'loose') {
vertices[id].link = sanitizeUrl(linkStr) // .replace(/javascript:.*/g, '')
} else {
vertices[id].link = linkStr