From b3210ed2efb69d74c1e1a33450300b1396b62331 Mon Sep 17 00:00:00 2001
From: eajenkins
Date: Thu, 2 Sep 2021 11:59:43 -0700
Subject: [PATCH] Added sanitization of the links to prevent script injection attacks.
---
 src/diagrams/sequence/svgDraw.js | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/diagrams/sequence/svgDraw.js b/src/diagrams/sequence/svgDraw.js
index b126fba2a..1850ca93e 100644
--- a/src/diagrams/sequence/svgDraw.js
+++ b/src/diagrams/sequence/svgDraw.js
@@ -18,6 +18,10 @@ export const drawRect = function (elem, rectData) {
 return rectElem;
 };
 
+const sanitizeUrl = function (s) {
+ return s.replace(/&/g, '&').replace(/