marcel/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-09-20 15:59:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

add security level antiscript option, to let use rich html format but remove all script element.

Browse Source
This commit is contained in:
Toan
2020-07-05 23:04:22 +07:00
parent 5242672efb
commit fce2a16e42
3 changed files with 66 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/config.js
View File

@@ -77,11 +77,12 @@ const config = {
/**
*| Parameter | Description |Type | Required | Values|
*| --- | --- | --- | --- | --- |
*| securitylevel | Level of trust for parsed diagram|String | Required | Strict, Loose |
*| securitylevel | Level of trust for parsed diagram|String | Required | Strict, Loose, antiscript |
*
***Notes:
*- **strict**: (**default**) tags in text are encoded, click functionality is disabeled
*- **loose**: tags in text are allowed, click functionality is enabled
*- **antiscript**: html tags in text are allowed, (only script element is removed), click functionality is enabled
*/
securityLevel: 'strict',