From a06f6f96044f15c7f7b22a57d9cd402207dd352d Mon Sep 17 00:00:00 2001
From: Ashish Jain
Date: Thu, 7 Oct 2021 21:48:44 +0200
Subject: [PATCH] Add sanitize to properties and link in Sequence Diagram
---
 .../integration/rendering/sequencediagram.spec.js | 6 ++++--
 src/diagrams/sequence/sequenceDb.js | 14 +++++++++-----
 src/diagrams/sequence/sequenceDiagram.spec.js | 3 ++-
 3 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/cypress/integration/rendering/sequencediagram.spec.js b/cypress/integration/rendering/sequencediagram.spec.js
index 5cc2cfcd9..cd9bc3faa 100644
--- a/cypress/integration/rendering/sequencediagram.spec.js
+++ b/cypress/integration/rendering/sequencediagram.spec.js
@@ -563,7 +563,8 @@ context('Sequence diagram', () => {
 });
 });
 context('links', () => {
- it('should support actor links and properties', () => {
+ it('should support actor links and properties EXPERIMENTAL: USE WITH CAUTION', () => {
+ //Be aware that the syntax for "properties" is likely to be changed.
 imgSnapshotTest(
 `
 %%{init: { "config": { "mirrorActors": true, "forceMenus": true }}}%%
@@ -583,7 +584,8 @@ context('Sequence diagram', () => {
 { logLevel: 0, sequence: { mirrorActors: true, noteFontSize: 18, noteFontFamily: 'Arial' } }
 );
 });
- it('should support actor links and properties when not mirrored', () => {
+ it('should support actor links and properties when not mirrored EXPERIMENTAL: USE WITH CAUTION', () => {
+ //Be aware that the syntax for "properties" is likely to be changed.
 imgSnapshotTest(
 `
 %%{init: { "config": { "mirrorActors": false, "forceMenus": true, "wrap": true }}}%%
diff --git a/src/diagrams/sequence/sequenceDb.js b/src/diagrams/sequence/sequenceDb.js
index f6dcf3b54..594a9f0c0 100644
--- a/src/diagrams/sequence/sequenceDb.js
+++ b/src/diagrams/sequence/sequenceDb.js
@@ -1,6 +1,7 @@
 import mermaidAPI from '../../mermaidAPI';
 import * as configApi from '../../config';
 import { log } from '../../logger';
+import { sanitizeText } from '../common/common';
 let prevActor = undefined;
 let actors = {};
@@ -219,7 +220,8 @@ export const addLinks = function (actorId, text) {
 const actor = getActor(actorId);
 // JSON.parse the text
 try {
- const links = JSON.parse(text.text);
+ let sanitizedText = sanitizeText(text.text, configApi.getConfig());
+ const links = JSON.parse(sanitizedText);
 // add the deserialized text to the actor's links field.
 insertLinks(actor, links);
 } catch (e) {
@@ -232,9 +234,10 @@ export const addALink = function (actorId, text) {
 const actor = getActor(actorId);
 try {
 const links = {};
- var sep = text.text.indexOf('@');
- var label = text.text.slice(0, sep - 1).trim();
- var link = text.text.slice(sep + 1).trim();
+ let sanitizedText = sanitizeText(text.text, configApi.getConfig());
+ var sep = sanitizedText.indexOf('@');
+ var label = sanitizedText.slice(0, sep - 1).trim();
+ var link = sanitizedText.slice(sep + 1).trim();
 links[label] = link;
 // add the deserialized text to the actor's links field.
@@ -259,7 +262,8 @@ export const addProperties = function (actorId, text) {
 const actor = getActor(actorId);
 // JSON.parse the text
 try {
- const properties = JSON.parse(text.text);
+ let sanitizedText = sanitizeText(text.text, configApi.getConfig());
+ const properties = JSON.parse(sanitizedText);
 // add the deserialized text to the actor's property field.
 insertProperties(actor, properties);
 } catch (e) {
diff --git a/src/diagrams/sequence/sequenceDiagram.spec.js b/src/diagrams/sequence/sequenceDiagram.spec.js
index 0ff81b3d2..1ab2565a1 100644
--- a/src/diagrams/sequence/sequenceDiagram.spec.js
+++ b/src/diagrams/sequence/sequenceDiagram.spec.js
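Review bot: In `addLinks`, `sanitizeText` runs on the raw JSON string and `JSON.parse` runs afterwards, so the sanitizer never sees the decoded values: JSON string escapes are only resolved by the parse, and any entity-encoding the sanitizer applies may also corrupt otherwise valid JSON or URLs. Parsing first and sanitizing each key and value avoids both problems, e.g. `const config = configApi.getConfig();` followed by `const links = Object.fromEntries(Object.entries(JSON.parse(text.text)).map(([k, v]) => [sanitizeText(k, config), sanitizeText(String(v), config)]));`. The `addProperties` hunk (`@@ -259,7 +262,8 @@`) uses the same order and likely needs the same change. `sanitizeText` is imported from `../common/common` and its implementation is not part of this diff, so the exact effect depends on what it does; both function bodies continue outside their hunks.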
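Review bot: `addALink` stores whatever follows the `@` as the link without checking its URL scheme, and `sanitizeText` appears to be a text/markup sanitizer rather than a URL validator (its implementation is outside this diff). If these links are later written into an `href`, restrict them here to an allowlist such as `http:` and `https:`, for example `if (!/^https?:\/\//i.test(link)) { throw new Error('unsupported link scheme'); }` before `links[label] = link;`, and apply the same check to the values parsed in `addLinks`. Separately, `sep` is never compared with `-1`, so a line without `@` yields a truncated label and the whole text as the link; add `if (sep === -1) { throw new Error('link is missing "@"'); }` after the `indexOf` call. The `catch` for this `try` block is outside the hunk, so confirm it reports these errors the way the other handlers do.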
@@ -976,7 +976,8 @@ link a: Tests @ https://tests.contoso.com/?svc=alice@contoso.com
 expect(actors.a.links["Tests"]).toBe("https://tests.contoso.com/?svc=alice@contoso.com");
 });
- it('it should handle properties', function () {
+ it('it should handle properties EXPERIMENTAL: USE WITH CAUTION', function () {
+ //Be aware that the syntax for "properties" is likely to be changed.
 const str = `
 sequenceDiagram
 participant a as Alice