GitHub/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-01-28 07:03:17 +08:00
Code Issues Projects Releases Wiki Activity

Merge pull request #4395 from Gusted/docs-sec

Browse Source 
Improve the wording of security level values
This commit is contained in:
Knut Sveidqvist 2023-05-15 08:18:45 +02:00 committed by GitHub
commit 040827d95d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
packages/mermaid/src/defaultConfig.ts
View File

@ -88,13 +88,13 @@ const config: Partial<MermaidConfig> = {
*
* **Notes**:
*
* - **strict**: (**default**) tags in text are encoded, click functionality is disabled
* - **loose**: tags in text are allowed, click functionality is enabled
* - **antiscript**: html tags in text are allowed, (only script element is removed), click
* functionality is enabled
* - **sandbox**: With this security level all rendering takes place in a sandboxed iframe. This
* - **strict**: (**default**) HTML tags in the text are encoded and click functionality is disabled.
* - **antiscript**: HTML tags in text are allowed (only script elements are removed), and click
* functionality is enabled.
* - **loose**: HTML tags in text are allowed and click functionality is enabled.
* - **sandbox**: With this security level, all rendering takes place in a sandboxed iframe. This
* prevent any JavaScript from running in the context. This may hinder interactive functionality
* of the diagram like scripts, popups in sequence diagram or links to other tabs/targets etc.
* of the diagram, like scripts, popups in the sequence diagram, links to other tabs or targets, etc.
*/
securityLevel: 'strict',

8
packages/mermaid/src/docs/config/usage.md
View File

@ -106,10 +106,10 @@ A `securityLevel` configuration has to first be cleared. `securityLevel` sets th
Values:
- **strict**: (**default**) tags in text are encoded, click functionality is disabled
- **loose**: tags in text are allowed, click functionality is enabled
- **antiscript**: html tags in text are allowed, (only script element is removed), click functionality is enabled
- **sandbox**: With this security level all rendering takes place in a sandboxed iframe. This prevent any JavaScript running in the context. This may hinder interactive functionality of the diagram like scripts, popups in sequence diagram or links to other tabs/targets etc.
- **strict**: (**default**) HTML tags in the text are encoded and click functionality is disabled.
- **antiscript**: HTML tags in text are allowed (only script elements are removed) and click functionality is enabled.
- **loose**: HTML tags in text are allowed and click functionality is enabled.
- **sandbox**: With this security level, all rendering takes place in a sandboxed iframe. This prevent any JavaScript from running in the context. This may hinder interactive functionality of the diagram, like scripts, popups in the sequence diagram, links to other tabs or targets, etc.
```note
This changes the default behaviour of mermaid so that after upgrade to 8.2, unless the `securityLevel` is not changed, tags in flowcharts are encoded as tags and clicking is disabled.