marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-10-09 17:19:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2958 from mermaid-js/decode_entities_update

Browse Source 
Removal of vulnerability
This commit is contained in:
Knut Sveidqvist
2022-04-21 21:25:08 +02:00
committed by GitHub
parent a3e6d3cd76 df87ab8818
commit c0bdf9d99b
6 changed files with 246 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/diagrams/common/common.js
View File

@@ -59,6 +59,7 @@ export const removeScript = (txt) => {
let decodedText = removeEscapes(rs);
decodedText = decodedText.replace(/script>/gi, '#');
decodedText = decodedText.replace(/javascript:/gi, '#');
decodedText = decodedText.replace(/javascript&colon/gi, '#');
decodedText = decodedText.replace(/onerror=/gi, 'onerror:');
decodedText = decodedText.replace(/<iframe/gi, '');
return decodedText;