marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-09-12 11:59:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

chore: fix a few security vulnerabilities

Browse Source
This commit is contained in:
Yash-Singh1
2022-04-28 19:29:56 -07:00
parent a62d53e9a7
commit dc53699a96
4 changed files with 37 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/diagrams/common/common.js
View File

@@ -57,11 +57,11 @@ export const removeScript = (txt) => {
}
}
let decodedText = removeEscapes(rs);
decodedText = decodedText.replace(/script>/gi, '#');
decodedText = decodedText.replace(/javascript:/gi, '#');
decodedText = decodedText.replace(/javascript&colon/gi, '#');
decodedText = decodedText.replace(/onerror=/gi, 'onerror:');
decodedText = decodedText.replace(/<iframe/gi, '');
decodedText = decodedText.replaceAll(/script>/gi, '#');
decodedText = decodedText.replaceAll(/javascript:/gi, '#');
decodedText = decodedText.replaceAll(/javascript&colon/gi, '#');
decodedText = decodedText.replaceAll(/onerror=/gi, 'onerror:');
decodedText = decodedText.replaceAll(/<iframe/gi, '');
return decodedText;
};