#903 Allowing >,< and = characters in svg. Updating xss tests to handle both htmlLabels and non htmlLabels

2025-09-17 22:39:56 +02:00 · 2019-12-07 12:19:45 +01:00
parent 9fe0aa0604
commit c2e5e94b37
6 changed files with 34 additions and 15 deletions
--- a/cypress/platform/current.html
+++ b/cypress/platform/current.html
@@ -9,14 +9,9 @@
  <body>
    <h1>info below</h1>
    <div style="display: flex;">
-      <div class="mermaid">stateDiagram
-        [*] --> State1
-        State1 --> State2 : Transition 1
-        State1 --> State3 : Transition 2
-        State1 --> State4 : Transition 3
-        State1 --> State5 : Transition 4
-        State2 --> State3 : Transition 5
-        State1 --> [*]
+      <div class="mermaid">graph TD
+        A["a=b &&</b>"]
+        A["a=b && a>b</b>"]
      </div>
 </div>
  <script src="./mermaid.js"></script>
@@ -26,7 +21,7 @@
        // arrowMarkerAbsolute: true,
        // themeCSS: '.node rect { fill: red; }',
        logLevel: 3,
-        flowchart: { curve: 'linear' },
+        flowchart: { curve: 'linear', "htmlLabels": false },
        gantt: { axisFormat: '%m/%d/%Y' },
        sequence: { actorMargin: 50 },
        // sequenceDiagram: { actorMargin: 300 } // deprecated
--- a/cypress/platform/viewer.js
+++ b/cypress/platform/viewer.js
@@ -31,7 +31,6 @@ const contentLoaded = function() {
      document.getElementsByTagName('body')[0].appendChild(div);
    }
    global.mermaid.initialize(graphObj.mermaid);
-    // console.log('graphObj.mermaid', graphObj.mermaid)
    global.mermaid.init();
  }
 };
@@ -55,7 +54,7 @@ const contentLoadedApi = function() {
        divs[i] = div;
      }

-      global.mermaid.initialize(graphObj.mermaid);
+      mermaid2.initialize(graphObj.mermaid);

      for (let i = 0; i < numCodes; i++) {
        mermaid2.render(
@@ -74,8 +73,9 @@ const contentLoadedApi = function() {
      div.id = 'block';
      div.className = 'mermaid';
      // div.innerHTML = graphObj.code
+      console.warn('graphObj.mermaid', graphObj.mermaid);
      document.getElementsByTagName('body')[0].appendChild(div);
-      global.mermaid.initialize(graphObj.mermaid);
+      mermaid2.initialize(graphObj.mermaid);

      mermaid2.render(
        'newid',
--- a/cypress/platform/xss.html
+++ b/cypress/platform/xss.html
@@ -28,7 +28,10 @@
        div.id = 'the-malware'
        div.className = 'malware'
        div.innerHTML = 'XSS Succeeded'
-        document.getElementsByTagName('body')[0].appendChild(div)
+        document.getElementsByTagName('body')[0].appendChild(div);
+        // const el = document.querySelector('.mermaid');
+        // el.parentNode.removeChild(el);
+        throw new Error('XSS Succeded');
      }
    </script>
  </head>