marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-10-16 12:39:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix multicharacter sanitization

Browse Source
This commit is contained in:
darshanr0107
2025-06-19 12:59:51 +05:30
parent a867842f32
commit f528e2daa4
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/mermaid/src/diagrams/timeline/svgDraw.js
View File

@@ -1,5 +1,6 @@
import { arc as d3arc, select } from 'd3'; import { arc as d3arc, select } from 'd3';
import { createText } from '../../rendering-util/createText.js'; import { createText } from '../../rendering-util/createText.js';
import DOMPurify from 'dompurify';
const MAX_SECTIONS = 12; const MAX_SECTIONS = 12;
@@ -12,9 +13,10 @@ const MAX_SECTIONS = 12;
*/ */
const processHtmlContent = async function (textElem, node, conf, isVirtual = false) { const processHtmlContent = async function (textElem, node, conf, isVirtual = false) {
// Create temporary text to get initial dimensions // Create temporary text to get initial dimensions
const sanitizedHtml = DOMPurify.sanitize(node.descr, { ALLOWED_TAGS: [] });
const tempText = textElem const tempText = textElem
.append('text') .append('text')
.text(node.descr.replace(/<[^>]*>/g, '')) .text(sanitizedHtml)
.attr('dy', '1em') .attr('dy', '1em')
.attr('alignment-baseline', 'middle') .attr('alignment-baseline', 'middle')
.attr('dominant-baseline', 'middle') .attr('dominant-baseline', 'middle')