#2170 Adding dompurify
This commit is contained in:
parent
1310619848
commit
2f73fd3a9d
|
@ -1110,7 +1110,7 @@ mermaidAPI.initialize({
|
|||
<script>
|
||||
var config = {
|
||||
theme:'default',
|
||||
logLevel: 5, // corresponds with "fatal"
|
||||
logLevel:'fatal',
|
||||
securityLevel:'strict',
|
||||
startOnLoad:true,
|
||||
arrowMarkerAbsolute:false,
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
import DOMPurify from 'dompurify';
|
||||
|
||||
export const getRows = s => {
|
||||
if (!s) return 1;
|
||||
let str = breakToPlaceholder(s);
|
||||
|
@ -34,30 +36,8 @@ export const removeScript = txt => {
|
|||
return rs;
|
||||
};
|
||||
|
||||
export const sanitizeText = (text, config) => {
|
||||
let txt = text;
|
||||
let htmlLabels = true;
|
||||
if (
|
||||
config.flowchart &&
|
||||
(config.flowchart.htmlLabels === false || config.flowchart.htmlLabels === 'false')
|
||||
) {
|
||||
htmlLabels = false;
|
||||
}
|
||||
|
||||
if (htmlLabels) {
|
||||
const level = config.securityLevel;
|
||||
|
||||
if (level === 'antiscript') {
|
||||
txt = removeScript(txt);
|
||||
} else if (level !== 'loose') {
|
||||
// eslint-disable-line
|
||||
txt = breakToPlaceholder(txt);
|
||||
txt = txt.replace(/</g, '<').replace(/>/g, '>');
|
||||
txt = txt.replace(/=/g, '=');
|
||||
txt = placeholderToBreak(txt);
|
||||
}
|
||||
}
|
||||
|
||||
export const sanitizeText = text => {
|
||||
const txt = DOMPurify.sanitize(text);
|
||||
return txt;
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in New Issue