marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-08-31 22:26:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

#1218 Fix anchor and script support in link click events

Browse Source
This commit is contained in:
Marc Faber
2020-01-26 16:56:42 +01:00
parent 28153656d7
commit c7b46f4fba
4 changed files with 96 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
cypress/integration/rendering/flowchart.spec.js
View File

@@ -524,4 +524,24 @@ describe('Flowchart', () => {
{ flowchart: { htmlLabels: false } } { flowchart: { htmlLabels: false } }
); );
}); });
it('24: Handle link click events (link, anchor, mailto, other protocol, script)', () => {
imgSnapshotTest(
`graph TB
TITLE["Link Click Events<br>(click the nodes below)"]
A[link test]
B[anchor test]
C[mailto test]
D[other protocol test]
E[script test]
TITLE --> A & B & C & D & E
click A "https://mermaid-js.github.io/mermaid/#/" "link test"
click B "#link-clicked" "anchor test"
click C "mailto:user@user.user" "mailto test"
click D "notes://do-your-thing/id" "other protocol test"
click E "javascript:alert('test')" "script test"
`,
{ securityLevel: 'loose' }
);
});
}); });

18
dist/index.html vendored
View File

@@ -353,6 +353,21 @@ graph TB
linkStyle 1 stroke:greenyellow,stroke-width:2px linkStyle 1 stroke:greenyellow,stroke-width:2px
style C fill:greenyellow,stroke:green,stroke-width:4px style C fill:greenyellow,stroke:green,stroke-width:4px
</div> </div>
<div class="mermaid">
graph TB
TITLE["Link Click Events<br>(click the nodes below)"]
A[link test]
B[anchor test]
C[mailto test]
D[other protocol test]
E[script test]
TITLE --> A & B & C & D & E
click A "https://mermaid-js.github.io/mermaid/#/" "link test"
click B "#link-clicked" "anchor test"
click C "mailto:user@user.user" "mailto test"
click D "notes://do-your-thing/id" "other protocol test"
click E "javascript:alert('test')" "script test"
</div>
<hr/> <hr/>
@@ -587,12 +602,15 @@ class Class10 {
end note end note
</div> </div>
<h1 id="link-clicked">Anchor for "link-clicked" test</h1>
<script src="./mermaid.js"></script> <script src="./mermaid.js"></script>
<script> <script>
mermaid.initialize({ mermaid.initialize({
theme: 'forest', theme: 'forest',
// themeCSS: '.node rect { fill: red; }', // themeCSS: '.node rect { fill: red; }',
logLevel: 3, logLevel: 3,
securityLevel: 'loose',
flowchart: { curve: 'basis' }, flowchart: { curve: 'basis' },
gantt: { axisFormat: '%m/%d/%Y' }, gantt: { axisFormat: '%m/%d/%Y' },
sequence: { actorMargin: 50 }, sequence: { actorMargin: 50 },

4
src/utils.js
View File

@@ -99,10 +99,6 @@ export const formatUrl = (linkStr, config) => {
if (url) { if (url) {
if (config.securityLevel !== 'loose') { if (config.securityLevel !== 'loose') {
return sanitizeUrl(url); return sanitizeUrl(url);
} else {
if (!/^(https?:)?\/\//i.test(url)) {
url = 'http://' + url;
}
} }
return url; return url;

58
src/utils.spec.js
View File

@@ -37,3 +37,61 @@ describe('when finding substring in array ', function() {
expect(result).toEqual(-1); expect(result).toEqual(-1);
}); });
}); });
describe('when formatting urls', function() {
it('should handle links', function() {
const url = 'https://mermaid-js.github.io/mermaid/#/';
let config = { securityLevel: 'loose' };
let result = utils.formatUrl(url, config);
expect(result).toEqual(url);
config.securityLevel = 'strict';
result = utils.formatUrl(url, config);
expect(result).toEqual(url);
});
it('should handle anchors', function() {
const url = '#interaction';
let config = { securityLevel: 'loose' };
let result = utils.formatUrl(url, config);
expect(result).toEqual(url);
config.securityLevel = 'strict';
result = utils.formatUrl(url, config);
expect(result).toEqual('about:blank');
});
it('should handle mailto', function() {
const url = 'mailto:user@user.user';
let config = { securityLevel: 'loose' };
let result = utils.formatUrl(url, config);
expect(result).toEqual(url);
config.securityLevel = 'strict';
result = utils.formatUrl(url, config);
expect(result).toEqual(url);
});
it('should handle other protocols', function() {
const url = 'notes://do-your-thing/id';
let config = { securityLevel: 'loose' };
let result = utils.formatUrl(url, config);
expect(result).toEqual(url);
config.securityLevel = 'strict';
result = utils.formatUrl(url, config);
expect(result).toEqual(url);
});
it('should handle scripts', function() {
const url = 'javascript:alert("test")';
let config = { securityLevel: 'loose' };
let result = utils.formatUrl(url, config);
expect(result).toEqual(url);
config.securityLevel = 'strict';
result = utils.formatUrl(url, config);
expect(result).toEqual('about:blank');
});
});