Merge branch 'sidv/typescript' of https://github.com/mermaid-js/mermaid into sidv/typescript

* 'sidv/typescript' of https://github.com/mermaid-js/mermaid: Update src/config.ts
2025-10-25 17:04:19 +02:00 · 2022-08-23 21:35:43 +05:30
parent 32ba2d5ffe 0e0802a588
commit a8042f622f
1 changed files with 1 additions and 1 deletions
--- a/src/config.ts
+++ b/src/config.ts
@@ -151,7 +151,7 @@ export const getConfig = (): MermaidConfig => {
 */
 export const sanitize = (options: any) => {
  // Checking that options are not in the list of excluded options
-  siteConfig.secure?.forEach((key) => {
+  ['secure', ...(siteConfig.secure ?? [])].forEach((key) => {
    if (typeof options[key] !== 'undefined') {
      // DO NOT attempt to print options[key] within `${}` as a malicious script
      // can exploit the logger's attempt to stringify the value and execute arbitrary code