marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-12-09 22:14:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

chore: update dompurify to ^3.2.1

Browse Source 
As [DOMPurify 3.2.0 added TypeScript types][1], this means that we can
remove our dependency on the `@types/dompurify` package.

[DOMPurify 3.2.0 also adds the `HTML_INTEGRATION_POINTS` option][2],
which adds back support for `<foreignObject>`,
[which broke in DOMPurify 3.1.7.][3]

[1]: https://github.com/cure53/DOMPurify/releases/tag/3.2.0
[2]: e4caa67971
[3]: de2c05cd54

Cherry-picked-from: fe3cffbb67
Fixes: https://github.com/mermaid-js/mermaid/issues/6328
This commit is contained in:
Alois Klink
2024-11-25 16:32:22 +09:00
parent a65bcc55af
commit d9618daab6
5 changed files with 18 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
packages/mermaid/package.json
View File

@@ -68,7 +68,7 @@
"d3-sankey": "^0.12.3",
"dagre-d3-es": "7.0.13",
"dayjs": "^1.11.7",
"dompurify": "^3.0.5 <3.1.7",
"dompurify": "^3.2.1",
"elkjs": "^0.9.0",
"katex": "^0.16.9",
"khroma": "^2.0.0",
@@ -88,7 +88,6 @@
"@types/d3-scale": "^4.0.3",
"@types/d3-selection": "^3.0.5",
"@types/d3-shape": "^3.1.1",
"@types/dompurify": "^3.0.2",
"@types/jsdom": "^21.1.1",
"@types/katex": "^0.16.7",
"@types/lodash-es": "^4.17.7",

12
packages/mermaid/src/diagrams/common/common.ts
View File

@@ -32,15 +32,15 @@ const setupDompurifyHooksIfNotSetup = (() => {
function setupDompurifyHooks() {
const TEMPORARY_ATTRIBUTE = 'data-temp-href-target';
DOMPurify.addHook('beforeSanitizeAttributes', (node: Element) => {
if (node.tagName === 'A' && node.hasAttribute('target')) {
node.setAttribute(TEMPORARY_ATTRIBUTE, node.getAttribute('target') || '');
DOMPurify.addHook('beforeSanitizeAttributes', (node) => {
if (node instanceof Element && node.tagName === 'A' && node.hasAttribute('target')) {
node.setAttribute(TEMPORARY_ATTRIBUTE, node.getAttribute('target') ?? '');
}
});
DOMPurify.addHook('afterSanitizeAttributes', (node: Element) => {
if (node.tagName === 'A' && node.hasAttribute(TEMPORARY_ATTRIBUTE)) {
node.setAttribute('target', node.getAttribute(TEMPORARY_ATTRIBUTE) || '');
DOMPurify.addHook('afterSanitizeAttributes', (node) => {
if (node instanceof Element && node.tagName === 'A' && node.hasAttribute(TEMPORARY_ATTRIBUTE)) {
node.setAttribute('target', node.getAttribute(TEMPORARY_ATTRIBUTE) ?? '');
node.removeAttribute(TEMPORARY_ATTRIBUTE);
if (node.getAttribute('target') === '_blank') {
node.setAttribute('rel', 'noopener');

1
packages/mermaid/src/mermaidAPI.ts
View File

@@ -464,6 +464,7 @@ const render = async function (
svgCode = DOMPurify.sanitize(svgCode, {
ADD_TAGS: DOMPURIFY_TAGS,
ADD_ATTR: DOMPURIFY_ATTR,
HTML_INTEGRATION_POINTS: { foreignobject: true },
});
}