From e5345f209cb46b6823b605d8b425e52a3bd6aa66 Mon Sep 17 00:00:00 2001
From: Adam B <el-mapache@github.com>
Date: Thu, 7 Apr 2022 15:34:53 -0400
Subject: [PATCH] Sanitize user input for accessibility nodes

* Adds accDescription to demos/gantt.html
---
 demos/gantt.html              | 2 +-
 src/diagrams/gantt/ganttDb.js | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/demos/gantt.html b/demos/gantt.html
index 68bf4a961..789a1e29d 100644
--- a/demos/gantt.html
+++ b/demos/gantt.html
@@ -19,7 +19,7 @@
 <div class="mermaid">
 gantt
   title A Gantt Diagram
-  
+  accDescription Remaining Q4 Tasks
   dateFormat  YYYY-MM-DD
   section Section
   A task           :a1, 2014-01-01, 30d
diff --git a/src/diagrams/gantt/ganttDb.js b/src/diagrams/gantt/ganttDb.js
index 0d4bd594d..0123c565a 100644
--- a/src/diagrams/gantt/ganttDb.js
+++ b/src/diagrams/gantt/ganttDb.js
@@ -4,6 +4,7 @@ import { log } from '../../logger';
 import * as configApi from '../../config';
 import utils from '../../utils';
 import mermaidAPI from '../../mermaidAPI';
+import common from '../common/common';
 
 let dateFormat = '';
 let axisFormat = '';
@@ -24,6 +25,10 @@ let topAxis = false;
 // The serial order of the task in the script
 let lastOrder = 0;
 
+const sanitizeText = function (txt) {
+  return common.sanitizeText(txt, configApi.getConfig());
+};
+
 export const parseDirective = function (statement, context, type) {
   mermaidAPI.parseDirective(this, statement, context, type);
 };
@@ -109,7 +114,7 @@ export const getLinks = function () {
 };
 
 export const setTitle = function (txt) {
-  title = txt;
+  title = sanitizeText(txt);
 };
 
 export const getTitle = function () {
@@ -117,7 +122,7 @@ export const getTitle = function () {
 };
 
 export const setAccDescription = function (txt) {
-  accDescription = txt;
+  accDescription = sanitizeText(txt);
 };
 
 export const getAccDescription = function () {