Merge pull request #3334 from mermaid-js/sidv/fixDoc

Add `sandbox` to `securityLevel` docs

.prettierrc.json

@@ -1,8 +1,5 @@
 {
   "endOfLine": "auto",
-  "plugins": [
-    "prettier-plugin-jsdoc"
-  ],
   "printWidth": 100,
   "singleQuote": true
 }

docs/Setup.md

@@ -72,9 +72,9 @@ Theme , the CSS style sheet
 
 ## securityLevel
 
-| Parameter     | Description                       | Type   | Required | Values                          |
-| ------------- | --------------------------------- | ------ | -------- | ------------------------------- |
-| securitylevel | Level of trust for parsed diagram | string | Required | 'strict', 'loose', 'antiscript' |
+| Parameter     | Description                       | Type   | Required | Values                                     |
+| ------------- | --------------------------------- | ------ | -------- | ------------------------------------------ |
+| securityLevel | Level of trust for parsed diagram | string | Required | 'sandbox', 'strict', 'loose', 'antiscript' |
 
 **Notes**:
 
@@ -82,6 +82,9 @@ Theme , the CSS style sheet
 -   **loose**: tags in text are allowed, click functionality is enabled
 -   **antiscript**: html tags in text are allowed, (only script element is removed), click
     functionality is enabled
+-   **sandbox**: With this security level all rendering takes place in a sandboxed iframe. This
+    prevent any JavaScript from running in the context. This may hinder interactive functionality
+    of the diagram like scripts, popups in sequence diagram or links to other tabs/targets etc.
 
 ## startOnLoad
 
@@ -1509,7 +1512,7 @@ $(function () {
 -   `_txt` **any** The graph definition
 -   `cb` **any** Callback which is called after rendering is finished with the svg code as inparam.
 -   `container` **any** Selector to element in which a div with the graph temporarily will be
-      inserted. In one is provided a hidden div will be inserted in the body of the page instead. The
+      inserted. If one is provided a hidden div will be inserted in the body of the page instead. The
       element will be removed when rendering is completed.
 
 Returns **any** 

docs/usage.md

@@ -107,7 +107,7 @@ Mermaid can load multiple diagrams, in the same page.
 
 | Parameter     | Description                       | Type   | Required | Values                    |
 | ------------- | --------------------------------- | ------ | -------- | ------------------------- |
-| securityLevel | Level of trust for parsed diagram | String | Required | Strict, Loose, antiscript , sandbox|
+| securityLevel | Level of trust for parsed diagram | String | Required | 'sandbox', 'strict', 'loose', 'antiscript' |
 
 Values:
 
@@ -118,7 +118,7 @@ Values:
 
 
 ```note
-This changes the default behaviour of mermaid so that after upgrade to 8.2,unless the `securityLevel` is not changed, tags in flowcharts are encoded as tags and clicking is disabled.
+This changes the default behaviour of mermaid so that after upgrade to 8.2, unless the `securityLevel` is not changed, tags in flowcharts are encoded as tags and clicking is disabled.
 **sandbox** security level is still in the beta version. 
 ```
 

package.json

@@ -27,7 +27,7 @@
     "postbuild": "documentation build src/mermaidAPI.js src/config.js src/defaultConfig.js --shallow -f md --markdown-toc false > docs/Setup.md",
     "build:watch": "yarn build:development --watch",
     "release": "yarn build",
-    "lint": "eslint ./ --ext .js,.json,.html",
+    "lint": "eslint ./ --ext .js,.json,.html,.md",
     "lint:fix": "yarn lint --fix",
     "e2e:depr": "yarn lint && jest e2e --config e2e/jest.config.js",
     "cypress": "cypress run",
@@ -122,4 +122,4 @@
     "**/*.css",
     "**/*.scss"
   ]
-}
+}

src/defaultConfig.js

@@ -64,9 +64,9 @@ const config = {
   logLevel: 5,
 
   /**
-   * | Parameter     | Description                       | Type   | Required | Values                          |
-   * | ------------- | --------------------------------- | ------ | -------- | ------------------------------- |
-   * | securitylevel | Level of trust for parsed diagram | string | Required | 'strict', 'loose', 'antiscript' |
+   * | Parameter     | Description                       | Type   | Required | Values                                     |
+   * | ------------- | --------------------------------- | ------ | -------- | ------------------------------------------ |
+   * | securityLevel | Level of trust for parsed diagram | string | Required | 'sandbox', 'strict', 'loose', 'antiscript' |
    *
    * **Notes**:
    *
@@ -74,6 +74,9 @@ const config = {
    * - **loose**: tags in text are allowed, click functionality is enabled
    * - **antiscript**: html tags in text are allowed, (only script element is removed), click
    *   functionality is enabled
+   * - **sandbox**: With this security level all rendering takes place in a sandboxed iframe. This
+   *   prevent any JavaScript from running in the context. This may hinder interactive functionality
+   *   of the diagram like scripts, popups in sequence diagram or links to other tabs/targets etc.
    */
   securityLevel: 'strict',
 

src/mermaidAPI.js

@@ -141,7 +141,7 @@ export const decodeEntities = function (text) {
  * @param {any} _txt The graph definition
  * @param {any} cb Callback which is called after rendering is finished with the svg code as inparam.
  * @param {any} container Selector to element in which a div with the graph temporarily will be
- *   inserted. In one is provided a hidden div will be inserted in the body of the page instead. The
+ *   inserted. If one is provided a hidden div will be inserted in the body of the page instead. The
  *   element will be removed when rendering is completed.
  * @returns {any}
  */