marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-09-23 17:29:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

#1218 Fix anchor and script support in link click events

Browse Source
This commit is contained in:
Marc Faber
2020-01-26 16:56:42 +01:00
parent 28153656d7
commit c7b46f4fba
4 changed files with 96 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/utils.js
View File

@@ -99,10 +99,6 @@ export const formatUrl = (linkStr, config) => {
if (url) {
if (config.securityLevel !== 'loose') {
return sanitizeUrl(url);
} else {
if (!/^(https?:)?\/\//i.test(url)) {
url = 'http://' + url;
}
}
return url;

58
src/utils.spec.js
View File

@@ -37,3 +37,61 @@ describe('when finding substring in array ', function() {
expect(result).toEqual(-1);
});
});
describe('when formatting urls', function() {
it('should handle links', function() {
const url = 'https://mermaid-js.github.io/mermaid/#/';
let config = { securityLevel: 'loose' };
let result = utils.formatUrl(url, config);
expect(result).toEqual(url);
config.securityLevel = 'strict';
result = utils.formatUrl(url, config);
expect(result).toEqual(url);
});
it('should handle anchors', function() {
const url = '#interaction';
let config = { securityLevel: 'loose' };
let result = utils.formatUrl(url, config);
expect(result).toEqual(url);
config.securityLevel = 'strict';
result = utils.formatUrl(url, config);
expect(result).toEqual('about:blank');
});
it('should handle mailto', function() {
const url = 'mailto:user@user.user';
let config = { securityLevel: 'loose' };
let result = utils.formatUrl(url, config);
expect(result).toEqual(url);
config.securityLevel = 'strict';
result = utils.formatUrl(url, config);
expect(result).toEqual(url);
});
it('should handle other protocols', function() {
const url = 'notes://do-your-thing/id';
let config = { securityLevel: 'loose' };
let result = utils.formatUrl(url, config);
expect(result).toEqual(url);
config.securityLevel = 'strict';
result = utils.formatUrl(url, config);
expect(result).toEqual(url);
});
it('should handle scripts', function() {
const url = 'javascript:alert("test")';
let config = { securityLevel: 'loose' };
let result = utils.formatUrl(url, config);
expect(result).toEqual(url);
config.securityLevel = 'strict';
result = utils.formatUrl(url, config);
expect(result).toEqual('about:blank');
});
});