mirrors
/
mermaid
mirror of https://github.com/mermaid-js/mermaid.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: shifted dompurify.addhook functions inside removescript

This commit is contained in:
Harshit Anand 2023-10-23 16:09:51 +05:30
parent 3f486ac0e1
commit 7960f94eba
1 changed files with 20 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
packages/mermaid/src/diagrams/common/common.ts
View File

@ -25,9 +25,6 @@ export const getRows = (s?: string): string[] => {
* @returns The safer text * @returns The safer text
*/ */
export const removeScript = (txt: string): string => { export const removeScript = (txt: string): string => {
return DOMPurify.sanitize(txt);
};
const TEMPORARY_ATTRIBUTE = 'data-temp-href-target'; const TEMPORARY_ATTRIBUTE = 'data-temp-href-target';
DOMPurify.addHook('beforeSanitizeAttributes', (node: Element) => { DOMPurify.addHook('beforeSanitizeAttributes', (node: Element) => {
@ -36,6 +33,8 @@ DOMPurify.addHook('beforeSanitizeAttributes', (node: Element) => {
} }
}); });
const sanitizedText = DOMPurify.sanitize(txt);
DOMPurify.addHook('afterSanitizeAttributes', (node: Element) => { DOMPurify.addHook('afterSanitizeAttributes', (node: Element) => {
if (node.tagName === 'A' && node.hasAttribute(TEMPORARY_ATTRIBUTE)) { if (node.tagName === 'A' && node.hasAttribute(TEMPORARY_ATTRIBUTE)) {
node.setAttribute('target', node.getAttribute(TEMPORARY_ATTRIBUTE) || ''); node.setAttribute('target', node.getAttribute(TEMPORARY_ATTRIBUTE) || '');
@ -46,6 +45,9 @@ DOMPurify.addHook('afterSanitizeAttributes', (node: Element) => {
} }
}); });
return sanitizedText;
};
const sanitizeMore = (text: string, config: MermaidConfig) => { const sanitizeMore = (text: string, config: MermaidConfig) => {
if (config.flowchart?.htmlLabels !== false) { if (config.flowchart?.htmlLabels !== false) {
const level = config.securityLevel; const level = config.securityLevel;