marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-11-09 07:14:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Only allowing a subset of characters in themeVariables

Browse Source
This commit is contained in:
Knut Sveidqvist
2022-06-21 21:17:53 +02:00
parent 566ec14648
commit ec2da8e85d
5 changed files with 104 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/styles.js
View File

@@ -10,6 +10,7 @@ import sequence from './diagrams/sequence/styles';
import stateDiagram from './diagrams/state/styles';
import journey from './diagrams/user-journey/styles';
import c4 from './diagrams/c4/styles';
import { log } from './logger';
const themes = {
flowchart,
@@ -30,7 +31,10 @@ const themes = {
c4,
};
export const calcThemeVariables = (theme, userOverRides) => theme.calcColors(userOverRides);
export const calcThemeVariables = (theme, userOverRides) => {
log.info('userOverides', userOverRides);
return theme.calcColors(userOverRides);
};
const getStyles = (type, userStyles, options) => {
return ` {

11
src/utils.js
View File

@@ -1044,6 +1044,17 @@ export const directiveSanitizer = (args) => {
});
}
}
if (args.themeVariables) {
const kArr = Object.keys(args.themeVariables);
for (let i = 0; i < kArr.length; i++) {
const k = kArr[i];
const val = args.themeVariables[k];
if (!val.match(/^[a-zA-Z0-9#;]+$/)) {
args.themeVariables[k] = '';
}
}
}
log.debug('After sanitization', args);
};
export const sanitizeCss = (str) => {
const stringsearch = 'o';