marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-09-10 02:49:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix for vulnerability

Browse Source
This commit is contained in:
Knut Sveidqvist
2022-04-21 21:11:48 +02:00
parent ca256308f2
commit df87ab8818
6 changed files with 246 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/mermaidAPI.js
View File

@@ -62,6 +62,7 @@ import { log, setLogLevel } from './logger';
import getStyles from './styles';
import theme from './themes';
import utils, { directiveSanitizer, assignWithDepth, sanitizeCss } from './utils';
import DOMPurify from 'dompurify';
/**
* @param text
@@ -541,6 +542,10 @@ const render = function (id, _txt, cb, container) {
)}" sandbox="allow-top-navigation-by-user-activation allow-popups">
The “iframe” tag is not supported by your browser.
</iframe>`;
} else {
if (cnf.securityLevel !== 'loose') {
svgCode = DOMPurify.sanitize(svgCode, { ADD_TAGS: ['foreignobject'] });
}
}
if (typeof cb !== 'undefined') {