mirrors
/
mermaid
mirror of https://github.com/mermaid-js/mermaid.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

#2170 Adding dompurify

This commit is contained in:
Knut Sveidqvist 2021-07-05 10:21:11 +02:00
parent 1310619848
commit 2f73fd3a9d
2 changed files with 5 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/Setup.md
View File

@ -1110,7 +1110,7 @@ mermaidAPI.initialize({
<script>
var config = {
theme:'default',
logLevel: 5, // corresponds with "fatal"
logLevel:'fatal',
securityLevel:'strict',
startOnLoad:true,
arrowMarkerAbsolute:false,

28
src/diagrams/common/common.js
View File

@ -1,3 +1,5 @@
import DOMPurify from 'dompurify';
export const getRows = s => {
if (!s) return 1;
let str = breakToPlaceholder(s);
@ -34,30 +36,8 @@ export const removeScript = txt => {
return rs;
};
export const sanitizeText = (text, config) => {
let txt = text;
let htmlLabels = true;
if (
config.flowchart &&
(config.flowchart.htmlLabels === false || config.flowchart.htmlLabels === 'false')
) {
htmlLabels = false;
}
if (htmlLabels) {
const level = config.securityLevel;
if (level === 'antiscript') {
txt = removeScript(txt);
} else if (level !== 'loose') {
// eslint-disable-line
txt = breakToPlaceholder(txt);
txt = txt.replace(/</g, '&lt;').replace(/>/g, '&gt;');
txt = txt.replace(/=/g, '&equals;');
txt = placeholderToBreak(txt);
}
}
export const sanitizeText = text => {
const txt = DOMPurify.sanitize(text);
return txt;
};