diff --git a/dist/xssi.html b/dist/xssi.html new file mode 100644 index 000000000..df853a0a4 --- /dev/null +++ b/dist/xssi.html @@ -0,0 +1,122 @@ + + + + + + Mermaid Quick Test Page + + + + +
+ gantt + title Exclusive end dates If bold then xss (Manual date should end on 3d) + dateFormat YYYY-MM-DD + axisFormat %d + section Section1 + 2 Days: 1, 2019-01-01,2d + Manual Date: 2, 2019-01-01,2019-01-03 +
+ +
+ graph TD + A["If bold then xssChristmas"] -->|Get If bold then xss money| B(Go If bold then xss shopping) + B --> C{Let me thinksssss
ssssssssssssssssssssss
sssssssssssssssssssssssssss} + C -->|One| D[Laptop] + C -->|Two| E[iPhone] + C -->|Three| F[Car] +
+
+graph TB + subgraph "If bold then xss" + a1-->a2 + end +
+
+graph TD +A[Christmas] -->|Get money| B(Go shopping) +B --> C{Let me think} +C -->|One| D[Laptop] +C -->|Two| E[iPhone] +C -->|Three| F[Car] +click A "index.html#link-clicked" "link test" +click B testClick "click test" +classDef someclass fill:#f96; +class A someclass; +
+ +
+sequenceDiagram +participant "Alice" +participant Bob +participant John as John
Second Line +Alice ->> Bob: Hello Bob, how are you? +Bob-->>John: How about you If bold then xssJohn? +Bob--x Alice: I am good thanks! +Bob-x John: I am good thanks! +Note right of John: Bob thinks a long
long time, so long
that the text does
not fit on a row. +Bob-->Alice: Checking with John... +alt either this +Alice->>John: Yes +else or this +Alice->>John: No +else or this will happen +Alice->John: Maybe +end +par this happens in parallel +Alice -->> Bob: Parallel message 1 +and +Alice -->> John: Parallel message 2 +end +
+ +
+classDiagram +Class01 <|-- AveryLongClass : CoIf bold then xssol +Class03 "0" *-- "0..n" Class04 +Class05 "1" o-- "many" Class06 +Class07 .. Class08 +Class09 "many" --> "1" C2 : Where am i? +Class09 "0" --* "1..n" C3 +Class09 --|> Class07 +Class07 : equals() +Class07 : Object[] elementData +Class01 : size() +Class01 : int chimp +Class01 : int gorilla +Class08 <--> C2: Cool label +
+ + + + + + diff --git a/e2e/helpers/util.js b/e2e/helpers/util.js index bd5f7b624..e60e15aa0 100644 --- a/e2e/helpers/util.js +++ b/e2e/helpers/util.js @@ -1,19 +1,23 @@ /* eslint-env jest */ import { Base64 } from 'js-base64' -export const mermaidUrl = (graphStr, options) => { +export const mermaidUrl = (graphStr, options, api) => { const obj = { code: graphStr, mermaid: options } const objStr = JSON.stringify(obj) - // console.log(Base64) - return 'http://localhost:9000/e2e.html?graph=' + Base64.encodeURI(objStr) + let url = 'http://localhost:9000/e2e.html?graph=' + Base64.encodeURI(objStr) + if (api) { + url = 'http://localhost:9000/xss.html?graph=' + graphStr + } + + return url } -export const imgSnapshotTest = async (page, graphStr, options) => { +export const imgSnapshotTest = async (page, graphStr, options, api) => { return new Promise(async resolve => { - const url = mermaidUrl(graphStr, options) + const url = mermaidUrl(graphStr, options, api) await page.goto(url) diff --git a/e2e/platform/viewer.js b/e2e/platform/viewer.js index a99bad818..afdbc23c7 100644 --- a/e2e/platform/viewer.js +++ b/e2e/platform/viewer.js @@ -1,4 +1,5 @@ import { Base64 } from 'js-base64' +import mermaid from '../../dist/mermaid.core' /** * ##contentLoaded 
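Review bot: The new `api` branch of `mermaidUrl` concatenates `graphStr` straight into the query string, while the default branch wraps the same input in `Base64.encodeURI(objStr)`; as a result the parameter name is misleading on the api path, where the caller must already have serialized and base64-encoded the `{code, mermaid}` object itself, and the `options` argument is silently dropped because only `graphStr` reaches the URL. The page side (`contentLoadedApi`) decodes base64 and `JSON.parse`s the result, so the helper can encode consistently for both paths with `url = 'http://localhost:9000/xss.html?graph=' + Base64.encodeURI(objStr)`, letting specs pass readable diagram text and their config instead of a hand-made blob. If a caller really needs to pass a pre-encoded payload, a separately named parameter would make that explicit; a boolean `api` flag that changes the meaning of `graphStr` is easy to misuse.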
@@ -22,6 +23,29 @@ const contentLoaded = function () { global.mermaid.init() } } +const contentLoadedApi = function () { + let pos = document.location.href.indexOf('?graph=') + if (pos > 0) { + pos = pos + 7 + const graphBase64 = document.location.href.substr(pos) + const graphObj = JSON.parse(Base64.decode(graphBase64)) + // const graph = 'hello' + console.log(graphObj) + const div = document.createElement('div') + div.id = 'block' + div.className = 'mermaid' + // div.innerHTML = graphObj.code + document.getElementsByTagName('body')[0].appendChild(div) + global.mermaid.initialize(graphObj.mermaid) + console.log('apa') + + mermaid.render('newid', graphObj.code, (svgCode, bindFunctions) => { + div.innerHTML = svgCode + + bindFunctions(div) + }, div) + } +} if (typeof document !== 'undefined') { /*! @@ -30,7 +54,12 @@ if (typeof document !== 'undefined') { window.addEventListener( 'load', function () { - contentLoaded() + if (this.location.href.match('xss.html')) { + this.console.log('Using api') + contentLoadedApi() + } else { + contentLoaded() + } }, false ) diff --git a/e2e/platform/xss.html b/e2e/platform/xss.html new file mode 100644 index 000000000..9abc43852 --- /dev/null +++ b/e2e/platform/xss.html @@ -0,0 +1,44 @@ + + + + + + + + + + + + diff --git a/e2e/platform/xss.png b/e2e/platform/xss.png new file mode 100644 index 000000000..9dc80e071 Binary files /dev/null and b/e2e/platform/xss.png differ diff --git a/e2e/spec/__image_snapshots__/__diff_output__/xss-spec-js-sequencediagram-should-render-a-simple-sequence-diagrams-1-diff.png b/e2e/spec/__image_snapshots__/__diff_output__/xss-spec-js-sequencediagram-should-render-a-simple-sequence-diagrams-1-diff.png new file mode 100644 index 000000000..757395203 Binary files /dev/null and b/e2e/spec/__image_snapshots__/__diff_output__/xss-spec-js-sequencediagram-should-render-a-simple-sequence-diagrams-1-diff.png differ 
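Review bot: `contentLoadedApi` configures one mermaid instance and renders with another: `global.mermaid.initialize(graphObj.mermaid)` targets the global, but the diagram is produced by the module-imported `mermaid.render(...)` from `../../dist/mermaid.core`; unless those two resolve to the same object (not visible here), the configuration carried in the URL — theme, and more importantly any `securityLevel` an XSS test wants to pin — never reaches the instance that actually renders. Using the same handle for both, `mermaid.initialize(graphObj.mermaid)`, removes the ambiguity. Two smaller points in the same function: `document.location.href.substr(pos)` hands everything after `?graph=` to `Base64.decode`, including any `#fragment`, so `new URL(location.href).searchParams.get('graph')` would be the precise extraction; and the debug `console.log('apa')`, the commented-out `innerHTML` line and `// const graph = 'hello'` should not be committed. Since `div.innerHTML = svgCode` is the very sink under test, a one-line comment saying so (`// Deliberately inserts mermaid's SVG via innerHTML: the XSS spec checks the renderer sanitises untrusted diagram text before this point`) would tell the next reader this is intentional.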
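Review bot: `this.location.href.match('xss.html')` is a substring regex over the whole URL, so it also matches inside the `graph=` payload (and the string is converted to a RegExp, where `.` matches any character); a diagram string that happens to contain `xss.html` would flip an ordinary e2e run onto the api path. `this.location.pathname.endsWith('/xss.html')` is what the condition actually means and is both stricter and clearer. The `this.console.log('Using api')` line looks like a leftover debug print and can go. The enclosing `if (typeof document !== 'undefined')` block starts before this hunk.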
diff --git a/e2e/spec/__image_snapshots__/flowchart-spec-js-flowcart-should-render-a-simple-flowchart-with-line-breaks-1-snap.png b/e2e/spec/__image_snapshots__/flowchart-spec-js-flowcart-should-render-a-simple-flowchart-with-line-breaks-1-snap.png index f321bb0b1..f34b72f43 100644 Binary files a/e2e/spec/__image_snapshots__/flowchart-spec-js-flowcart-should-render-a-simple-flowchart-with-line-breaks-1-snap.png and b/e2e/spec/__image_snapshots__/flowchart-spec-js-flowcart-should-render-a-simple-flowchart-with-line-breaks-1-snap.png differ diff --git a/e2e/spec/__image_snapshots__/flowchart-spec-js-flowcart-should-render-a-simple-flowchart-with-trapezoid-and-inverse-trapezoid-vertex-options-1-snap.png b/e2e/spec/__image_snapshots__/flowchart-spec-js-flowcart-should-render-a-simple-flowchart-with-trapezoid-and-inverse-trapezoid-vertex-options-1-snap.png index 052b2174f..e9bbbafdd 100644 Binary files a/e2e/spec/__image_snapshots__/flowchart-spec-js-flowcart-should-render-a-simple-flowchart-with-trapezoid-and-inverse-trapezoid-vertex-options-1-snap.png and b/e2e/spec/__image_snapshots__/flowchart-spec-js-flowcart-should-render-a-simple-flowchart-with-trapezoid-and-inverse-trapezoid-vertex-options-1-snap.png differ diff --git a/e2e/spec/__image_snapshots__/xss-spec-js-sequencediagram-should-render-a-simple-sequence-diagrams-1-snap.png b/e2e/spec/__image_snapshots__/xss-spec-js-sequencediagram-should-render-a-simple-sequence-diagrams-1-snap.png new file mode 100644 index 000000000..b7ef626c7 Binary files /dev/null and b/e2e/spec/__image_snapshots__/xss-spec-js-sequencediagram-should-render-a-simple-sequence-diagrams-1-snap.png differ 
diff --git a/e2e/spec/__image_snapshots__/xss-spec-js-xss-should-handle-xss-in-tags-1-snap.png b/e2e/spec/__image_snapshots__/xss-spec-js-xss-should-handle-xss-in-tags-1-snap.png
new file mode 100644
index 000000000..e95449234
Binary files /dev/null and b/e2e/spec/__image_snapshots__/xss-spec-js-xss-should-handle-xss-in-tags-1-snap.png differ
diff --git a/e2e/spec/xss.spec.js b/e2e/spec/xss.spec.js
new file mode 100644
index 000000000..a1fec028a
--- /dev/null
+++ b/e2e/spec/xss.spec.js
@@ -0,0 +1,15 @@
+/* eslint-env jest */
+import { imgSnapshotTest } from '../helpers/util.js'
+const { toMatchImageSnapshot } = require('jest-image-snapshot')
+
+expect.extend({ toMatchImageSnapshot })
+
+/* eslint-disable */
+describe('XSS', () => {
+ it('should handle xss in tags', async () => {
+ // const str = 'graph LR;\nB-->D();'
+ const str = 'eyJjb2RlIjoiXG5ncmFwaCBMUlxuICAgICAgQi0tPkQoPGltZyBvbmVycm9yPWxvY2F0aW9uPWBqYXZhc2NyaXB0XFx1MDAzYXhzc0F0dGFja1xcdTAwMjhkb2N1bWVudC5kb21haW5cXHUwMDI5YCBzcmM9eD4pOyIsIm1lcm1haWQiOnsidGhlbWUiOiJkZWZhdWx0In19';
+ await imgSnapshotTest(page, str,
+ {}, true)
+ })
+})
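Review bot: The spec never asserts that the payload did not execute — `imgSnapshotTest` only compares a screenshot, so a rendering in which the injected handler fired but the picture still matched the stored snapshot would pass, and the test name "should handle xss in tags" promises more than that. After the snapshot call, add a direct check on the rendered output and on the page state, e.g. `expect(await page.$('#block img')).toBeNull()` and `expect(await page.evaluate(() => location.pathname)).toMatch(/xss\.html$/)` (the payload appears to set `location` to a `javascript:` URL, so a successful injection would leave the page). The opaque base64 literal also hides what is being tested; it appears to decode to a `graph LR` whose node label contains an `<img onerror=… src=x>` tag, and keeping that readable diagram text in the source (with a comment naming the sink it targets) and letting the helper encode it would make the intent reviewable. The commented-out `const str = 'graph LR;\nB-->D();'` and the blanket `/* eslint-disable */` should not be committed.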