mirror of
				https://github.com/mermaid-js/mermaid.git
				synced 2025-10-26 08:24:07 +01:00 
			
		
		
		
	Merge pull request #2831 from gwincr11/cg-custom-dompurify-config
Add dompurify config option
This commit is contained in:
		| @@ -786,6 +786,43 @@ | |||||||
|  |  | ||||||
|   <script src="./mermaid.js"></script> |   <script src="./mermaid.js"></script> | ||||||
|   <script> |   <script> | ||||||
|  |     const ALLOWED_TAGS = [ | ||||||
|  |       'a', | ||||||
|  |   'b', | ||||||
|  |   'blockquote', | ||||||
|  |   'br', | ||||||
|  |   'dd', | ||||||
|  |   'div', | ||||||
|  |   'dl', | ||||||
|  |       'dt', | ||||||
|  |   'em', | ||||||
|  |   'foreignObject', | ||||||
|  |   'h1', | ||||||
|  |   'h2', | ||||||
|  |   'h3', | ||||||
|  |   'h4', | ||||||
|  |       'h5', | ||||||
|  |   'h6', | ||||||
|  |   'h7', | ||||||
|  |   'h8', | ||||||
|  |   'hr', | ||||||
|  |   'i', | ||||||
|  |   'li', | ||||||
|  |   'ul', | ||||||
|  |   'ol', | ||||||
|  |   'p', | ||||||
|  |       'pre', | ||||||
|  |   'span', | ||||||
|  |   'strike', | ||||||
|  |   'strong', | ||||||
|  |   'table', | ||||||
|  |   'tbody', | ||||||
|  |       'td', | ||||||
|  |   'tfoot', | ||||||
|  |   'th', | ||||||
|  |   'thead', | ||||||
|  |   'tr', | ||||||
|  |     ]; | ||||||
|     mermaid.initialize({ |     mermaid.initialize({ | ||||||
|       theme: 'forest', |       theme: 'forest', | ||||||
|       // themeCSS: '.node rect { fill: red; }', |       // themeCSS: '.node rect { fill: red; }', | ||||||
| @@ -794,6 +831,13 @@ | |||||||
|       flowchart: { curve: 'basis' }, |       flowchart: { curve: 'basis' }, | ||||||
|       gantt: { axisFormat: '%m/%d/%Y' }, |       gantt: { axisFormat: '%m/%d/%Y' }, | ||||||
|       sequence: { actorMargin: 50 }, |       sequence: { actorMargin: 50 }, | ||||||
|  |       dompurifyConfig: { | ||||||
|  |         USE_PROFILES: { | ||||||
|  |           svg: true, | ||||||
|  |         }, | ||||||
|  |         ADD_TAGS: ALLOWED_TAGS, | ||||||
|  |         ADD_ATTR: ['transform-origin'], | ||||||
|  |       }, | ||||||
|       // sequenceDiagram: { actorMargin: 300 } // deprecated |       // sequenceDiagram: { actorMargin: 300 } // deprecated | ||||||
|     }); |     }); | ||||||
|   </script> |   </script> | ||||||
|   | |||||||
| @@ -15,3 +15,8 @@ You may also reach out to the team via our public Slack chat channels; however, | |||||||
| Keep current with the latest Mermaid releases. We regularly update Mermaid, and these updates may fix security defects discovered in previous versions. Check the Mermaid release notes for security-related updates. | Keep current with the latest Mermaid releases. We regularly update Mermaid, and these updates may fix security defects discovered in previous versions. Check the Mermaid release notes for security-related updates. | ||||||
|  |  | ||||||
| Keep your application’s dependencies up to date. Make sure you upgrade your package dependencies to keep the dependencies up to date. Avoid pinning to specific versions for your dependencies and, if you do, make sure you check periodically to see if your dependencies have had security updates, and update the pin accordingly. | Keep your application’s dependencies up to date. Make sure you upgrade your package dependencies to keep the dependencies up to date. Avoid pinning to specific versions for your dependencies and, if you do, make sure you check periodically to see if your dependencies have had security updates, and update the pin accordingly. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ## Configuring DomPurify | ||||||
|  |  | ||||||
|  | By default Mermaid uses a baseline [DOMPurify](https://github.com/cure53/DOMPurify) config. It is possible to override the options passed to DOMPurify by adding a `dompurifyConfig` key to the Mermaid options. This could potentially break the output of Mermaid so use this with caution. | ||||||
| @@ -93,7 +93,12 @@ const sanitizeMore = (text, config) => { | |||||||
|  |  | ||||||
| export const sanitizeText = (text, config) => { | export const sanitizeText = (text, config) => { | ||||||
|   if (!text) return text; |   if (!text) return text; | ||||||
|   const txt = DOMPurify.sanitize(sanitizeMore(text, config)); |   let txt = ''; | ||||||
|  |   if (config['dompurifyConfig']) { | ||||||
|  |     txt = DOMPurify.sanitize(sanitizeMore(text, config), config['dompurifyConfig']); | ||||||
|  |   } else { | ||||||
|  |     txt = DOMPurify.sanitize(sanitizeMore(text, config)); | ||||||
|  |   } | ||||||
|   return txt; |   return txt; | ||||||
| }; | }; | ||||||
|  |  | ||||||
|   | |||||||
| @@ -113,6 +113,12 @@ describe('when using mermaidAPI and ', function () { | |||||||
|       expect(mermaidAPI.defaultConfig['logLevel']).toBe(5); |       expect(mermaidAPI.defaultConfig['logLevel']).toBe(5); | ||||||
|     }); |     }); | ||||||
|   }); |   }); | ||||||
|  |   describe('dompurify config', function () { | ||||||
|  |     it('should allow dompurify config to be set', function () { | ||||||
|  |       mermaidAPI.initialize({ dompurifyConfig: { ADD_ATTR: ['onclick'] } }); | ||||||
|  |       expect(mermaidAPI.getConfig().dompurifyConfig.ADD_ATTR).toEqual(['onclick']); | ||||||
|  |     }); | ||||||
|  |   }); | ||||||
|   describe('checking validity of input ', function () { |   describe('checking validity of input ', function () { | ||||||
|     it('it should throw for an invalid definiton', function () { |     it('it should throw for an invalid definiton', function () { | ||||||
|       expect(() => mermaidAPI.parse('this is not a mermaid diagram definition')).toThrow(); |       expect(() => mermaidAPI.parse('this is not a mermaid diagram definition')).toThrow(); | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 Knut Sveidqvist
					Knut Sveidqvist