From 6670ad7229236f59aee6c336ea6b8b66c79fe71b Mon Sep 17 00:00:00 2001 From: darshanr0107 Date: Tue, 7 Oct 2025 12:15:32 +0530 Subject: [PATCH 1/2] fix : escape HTML in tooltip titles to prevent DOM injection Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- packages/mermaid/src/diagrams/class/classDb.ts | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/packages/mermaid/src/diagrams/class/classDb.ts b/packages/mermaid/src/diagrams/class/classDb.ts index d5a2da794..7a45c9008 100644 --- a/packages/mermaid/src/diagrams/class/classDb.ts +++ b/packages/mermaid/src/diagrams/class/classDb.ts @@ -473,6 +473,16 @@ export class ClassDB implements DiagramDB { LOLLIPOP: 4, }; + // Utility function to escape HTML meta-characters + private escapeHtml(str: string): string { + return str + .replace(/&/g, "&") + .replace(//g, ">") + .replace(/"/g, """) + .replace(/'/g, "'"); + } + private readonly setupToolTips = (element: Element) => { let tooltipElem = select('.mermaidTooltip'); if (tooltipElem.empty()) { @@ -509,7 +519,7 @@ export class ClassDB implements DiagramDB { const rect = (event.currentTarget as Element).getBoundingClientRect(); tooltipElem.transition().duration(200).style('opacity', '.9'); tooltipElem - .html(title.replace(/<br\/>/g, '
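Review bot: `escapeHtml` reads no instance state but is added as a private instance method that is then called from inside a DOM event callback; a module-level `function escapeHtml(str: string): string` (or whichever text-sanitising helper the project already exposes) removes the dependency on `this` being bound in that callback and is easier to unit-test in isolation. The one-line comment above it should state the contract rather than just "utility function", e.g. `// Escapes &, <, >, " and ' so untrusted diagram text can be passed to .html(); & is replaced first so the entities produced by the later replaces are not themselves escaped`. As rendered on this page the replacement string literals appear entity-decoded (and one `.replace` pattern is partially missing), so the exact entity strings could not be confirmed here. The hunk ends inside the body of `setupToolTips`, which continues in the next hunk.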
')) + .html(this.escapeHtml(title).replace(/<br\/>/g, '
')) .style('left', `${window.scrollX + rect.left + rect.width / 2}px`) .style('top', `${window.scrollY + rect.bottom + 4}px`); From ddd4763db28fbb6dc98e06593d1495861bf742a6 Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Tue, 7 Oct 2025 06:50:56 +0000 Subject: [PATCH 2/2] [autofix.ci] apply automated fixes --- packages/mermaid/src/diagrams/class/classDb.ts | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/mermaid/src/diagrams/class/classDb.ts b/packages/mermaid/src/diagrams/class/classDb.ts index 7a45c9008..6bcb29b1d 100644 --- a/packages/mermaid/src/diagrams/class/classDb.ts +++ b/packages/mermaid/src/diagrams/class/classDb.ts @@ -476,11 +476,11 @@ export class ClassDB implements DiagramDB { // Utility function to escape HTML meta-characters private escapeHtml(str: string): string { return str - .replace(/&/g, "&") - .replace(//g, ">") - .replace(/"/g, """) - .replace(/'/g, "'"); + .replace(/&/g, '&') + .replace(//g, '>') + .replace(/"/g, '"') + .replace(/'/g, '''); } private readonly setupToolTips = (element: Element) => {
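Review bot: After `this.escapeHtml(title)` every `<` in the title is already `&lt;`, so the `.replace(/<br\/>/g, …)` chained after it can no longer match and is dead code; if `<br/>` in a title is meant to render as a line break, the pattern must target the escaped form, e.g. `.html(this.escapeHtml(title).replace(/&lt;br\/&gt;/g, '<br/>'))`, and if it is not, `.text(title)` sets textContent directly and makes the escape step unnecessary. The mouseover handler containing this call starts outside the hunk; if it is a `function` expression rather than an arrow (d3 binds `this` to the hovered element in that case), `this.escapeHtml` would be undefined and the handler would throw, so the helper should be referenced lexically or moved to module level. The hunk's final context line after the `.style('top', …)` call appears cut off on this page, so whatever follows it could not be reviewed.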