diff --git a/.prettierrc.json b/.prettierrc.json index 8cadfefaf..0835748d6 100644 --- a/.prettierrc.json +++ b/.prettierrc.json @@ -1,8 +1,5 @@ { "endOfLine": "auto", - "plugins": [ - "prettier-plugin-jsdoc" - ], "printWidth": 100, "singleQuote": true } \ No newline at end of file diff --git a/docs/Setup.md b/docs/Setup.md index 4a3575d2c..a413617b1 100644 --- a/docs/Setup.md +++ b/docs/Setup.md @@ -72,9 +72,9 @@ Theme , the CSS style sheet ## securityLevel -| Parameter | Description | Type | Required | Values | -| ------------- | --------------------------------- | ------ | -------- | ------------------------------- | -| securitylevel | Level of trust for parsed diagram | string | Required | 'strict', 'loose', 'antiscript' | +| Parameter | Description | Type | Required | Values | +| ------------- | --------------------------------- | ------ | -------- | ------------------------------------------ | +| securityLevel | Level of trust for parsed diagram | string | Required | 'sandbox', 'strict', 'loose', 'antiscript' | **Notes**: @@ -82,6 +82,9 @@ Theme , the CSS style sheet - **loose**: tags in text are allowed, click functionality is enabled - **antiscript**: html tags in text are allowed, (only script element is removed), click functionality is enabled +- **sandbox**: With this security level all rendering takes place in a sandboxed iframe. This + prevent any JavaScript from running in the context. This may hinder interactive functionality + of the diagram like scripts, popups in sequence diagram or links to other tabs/targets etc. ## startOnLoad 
@@ -1509,7 +1512,7 @@ $(function () { - `_txt` **any** The graph definition - `cb` **any** Callback which is called after rendering is finished with the svg code as inparam. - `container` **any** Selector to element in which a div with the graph temporarily will be - inserted. In one is provided a hidden div will be inserted in the body of the page instead. The + inserted. If one is provided a hidden div will be inserted in the body of the page instead. The element will be removed when rendering is completed. Returns **any** diff --git a/docs/usage.md b/docs/usage.md index ac126631a..1815f0a36 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -107,7 +107,7 @@ Mermaid can load multiple diagrams, in the same page. | Parameter | Description | Type | Required | Values | | ------------- | --------------------------------- | ------ | -------- | ------------------------- | -| securityLevel | Level of trust for parsed diagram | String | Required | Strict, Loose, antiscript , sandbox| +| securityLevel | Level of trust for parsed diagram | String | Required | 'sandbox', 'strict', 'loose', 'antiscript' | Values: @@ -118,7 +118,7 @@ Values: ```note -This changes the default behaviour of mermaid so that after upgrade to 8.2,unless the `securityLevel` is not changed, tags in flowcharts are encoded as tags and clicking is disabled. +This changes the default behaviour of mermaid so that after upgrade to 8.2, unless the `securityLevel` is not changed, tags in flowcharts are encoded as tags and clicking is disabled. **sandbox** security level is still in the beta version. ``` diff --git a/package.json b/package.json index 21369afa0..065d8d6da 100644 --- a/package.json +++ b/package.json 
@@ -27,7 +27,7 @@ "postbuild": "documentation build src/mermaidAPI.js src/config.js src/defaultConfig.js --shallow -f md --markdown-toc false > docs/Setup.md", "build:watch": "yarn build:development --watch", "release": "yarn build", - "lint": "eslint ./ --ext .js,.json,.html", + "lint": "eslint ./ --ext .js,.json,.html,.md", "lint:fix": "yarn lint --fix", "e2e:depr": "yarn lint && jest e2e --config e2e/jest.config.js", "cypress": "cypress run", @@ -122,4 +122,4 @@ "**/*.css", "**/*.scss" ] -} +} \ No newline at end of file diff --git a/src/defaultConfig.js b/src/defaultConfig.js index acf85055f..216932576 100644 --- a/src/defaultConfig.js +++ b/src/defaultConfig.js @@ -64,9 +64,9 @@ const config = { logLevel: 5, /** - * | Parameter | Description | Type | Required | Values | - * | ------------- | --------------------------------- | ------ | -------- | ------------------------------- | - * | securitylevel | Level of trust for parsed diagram | string | Required | 'strict', 'loose', 'antiscript' | + * | Parameter | Description | Type | Required | Values | + * | ------------- | --------------------------------- | ------ | -------- | ------------------------------------------ | + * | securityLevel | Level of trust for parsed diagram | string | Required | 'sandbox', 'strict', 'loose', 'antiscript' | * * **Notes**: * @@ -74,6 +74,9 @@ const config = { * - **loose**: tags in text are allowed, click functionality is enabled * - **antiscript**: html tags in text are allowed, (only script element is removed), click * functionality is enabled + * - **sandbox**: With this security level all rendering takes place in a sandboxed iframe. This + * prevent any JavaScript from running in the context. This may hinder interactive functionality + * of the diagram like scripts, popups in sequence diagram or links to other tabs/targets etc. */ securityLevel: 'strict', diff --git a/src/mermaidAPI.js b/src/mermaidAPI.js index 6a00e80ca..2d25d1f58 100644 --- a/src/mermaidAPI.js 
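Review bot: The new **sandbox** bullet in the `securityLevel` JSDoc of src/defaultConfig.js reads `This prevent any JavaScript from running in the context`; it should be ` * prevents any JavaScript from running in that context`, and because the `postbuild` script in this same diff renders this comment into docs/Setup.md, the typo also lands in the published docs. The same bullet omits the caveat that docs/usage.md gains in this commit — that the sandbox level is still in beta — so the generated Setup.md and usage.md will disagree on a security-relevant mode; adding ` * Note: the sandbox level is still in beta.` after the bullet keeps them consistent. The "no JavaScript can run" claim depends on how the iframe is built, which is not visible here; presumably it is created with a `sandbox` attribute that grants neither `allow-scripts` nor `allow-same-origin`, and a one-line pointer to that code in the comment would let readers verify the claim rather than take it on faith. The default stays `securityLevel: 'strict'`, which is worth stating explicitly in the notes since users may otherwise assume the new, stricter level is applied automatically. The enclosing `config` object starts and ends outside the hunk.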
+++ b/src/mermaidAPI.js
@@ -141,7 +141,7 @@ export const decodeEntities = function (text) {
  * @param {any} _txt The graph definition
  * @param {any} cb Callback which is called after rendering is finished with the svg code as inparam.
  * @param {any} container Selector to element in which a div with the graph temporarily will be
- * inserted. In one is provided a hidden div will be inserted in the body of the page instead. The
+ * inserted. If one is provided a hidden div will be inserted in the body of the page instead. The
  * element will be removed when rendering is completed.
  * @returns {any}
  */
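Review bot: The rewritten sentence on the `container` param now says `If one is provided a hidden div will be inserted in the body of the page instead`, which contradicts the preceding sentence: the hidden div in the body is the fallback for when no container is given, as the trailing "instead" shows. The original `In one` was almost certainly a typo for `If none`, so the line should read ` * inserted. If none is provided a hidden div will be inserted in the body of the page instead. The`. Because the `postbuild` script in package.json regenerates docs/Setup.md from this file, the same inverted sentence is what this commit writes into docs/Setup.md, so fixing it here corrects both places. The documented function's signature and body are outside the hunk.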