marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-09-17 06:20:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix for vulnerability

Browse Source
This commit is contained in:
Knut Sveidqvist
2022-04-21 21:11:48 +02:00
parent ca256308f2
commit df87ab8818
6 changed files with 246 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/diagrams/common/common.js
View File

@@ -59,6 +59,7 @@ export const removeScript = (txt) => {
let decodedText = removeEscapes(rs);
decodedText = decodedText.replace(/script>/gi, '#');
decodedText = decodedText.replace(/javascript:/gi, '#');
decodedText = decodedText.replace(/javascript&colon/gi, '#');
decodedText = decodedText.replace(/onerror=/gi, 'onerror:');
decodedText = decodedText.replace(/<iframe/gi, '');
return decodedText;