#847 Better sanitizing of urls

knsv
2019-07-22 02:18:09 -07:00
parent c33533082c
commit f11d1a6fa1
6 changed files with 59 additions and 16 deletions


@@ -1,5 +1,5 @@
import * as d3 from 'd3'
import { sanitizeUrl } from '@braintree/sanitize-url'
import { logger } from '../../logger'
import utils from '../../utils'
import { getConfig } from '../../config'
@@ -22,6 +22,7 @@ const sanitize = text => {
txt = txt.replace(/<br>/g, '#br#')
txt = txt.replace(/<br\S*?\/>/g, '#br#')
txt = txt.replace(/</g, '&lt;').replace(/>/g, '&gt;')
txt = txt.replace(/=/g, '&equals;')
txt = txt.replace(/#br#/g, '<br/>')
}
@@ -215,7 +216,7 @@ export const setLink = function (ids, linkStr, tooltip) {
ids.split(',').forEach(function (id) {
if (typeof vertices[id] !== 'undefined') {
if (config.securityLevel === 'strict') {
vertices[id].link = linkStr.replace(/javascript:.*/g, '')
vertices[id].link = sanitizeUrl(linkStr) //.replace(/javascript:.*/g, '')
} else {
vertices[id].link = linkStr
}
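Review bot: The `else` branch in `setLink` still assigns `linkStr` unmodified, so the new `sanitizeUrl` call protects only when `config.securityLevel` is exactly `'strict'`; a misspelled or missing setting falls through to the raw URL. Consider failing closed by sanitizing unless the permissive level is explicitly selected, with a comment such as `// Links come from diagram text; only an explicit opt-out may skip sanitizeUrl`. The trailing `//.replace(/javascript:.*/g, '')` is dead code left over from the old filter and can be dropped. `setLink` starts and ends outside this hunk, so how `vertices[id].link` is later written into the rendered output is not visible here.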