mirror of
https://github.com/mermaid-js/mermaid.git
synced 2025-01-28 07:03:17 +08:00
Correct handling of the note object for state diagrams when sanitizing it
parent
dd088bc603
commit
7ad509cc7a
35
dist/mermaid.core.js
vendored
35
dist/mermaid.core.js
vendored
@ -3266,7 +3266,10 @@ var rectWithTitle = function rectWithTitle(parent, node) {
|
||||
|
||||
_logger__WEBPACK_IMPORTED_MODULE_1__["log"].info('Label text abc79', title, text2, _typeof(text2) === 'object');
|
||||
var text = label.node().appendChild(Object(_createLabel__WEBPACK_IMPORTED_MODULE_5__["default"])(title, node.labelStyle, true, true));
|
||||
var bbox;
|
||||
var bbox = {
|
||||
width: 0,
|
||||
height: 0
|
||||
};
|
||||
|
||||
if (Object(_diagrams_common_common__WEBPACK_IMPORTED_MODULE_8__["evaluate"])(Object(_config__WEBPACK_IMPORTED_MODULE_3__["getConfig"])().flowchart.htmlLabels)) {
|
||||
var div = text.children[0];
|
||||
@ -7405,9 +7408,11 @@ var removeScript = function removeScript(txt) {
|
||||
}
|
||||
}
|
||||
|
||||
rs = rs.replace(/javascript:/g, '#');
|
||||
rs = rs.replace(/onerror=/g, 'onerror:');
|
||||
rs = rs.replace(/<iframe/g, '');
|
||||
rs = rs.replace(/script>/gi, '#');
|
||||
rs = rs.replace(/script>/gi, '#');
|
||||
rs = rs.replace(/javascript:/gi, '#');
|
||||
rs = rs.replace(/onerror=/gi, 'onerror:');
|
||||
rs = rs.replace(/<iframe/gi, '');
|
||||
return rs;
|
||||
};
|
||||
|
||||
@ -7437,7 +7442,10 @@ var sanitizeMore = function sanitizeMore(text, config) {
|
||||
};
|
||||
|
||||
var sanitizeText = function sanitizeText(text, config) {
|
||||
var txt = sanitizeMore(dompurify__WEBPACK_IMPORTED_MODULE_0___default.a.sanitize(text), config);
|
||||
var level = config.securityLevel;
|
||||
console.log('security level', level);
|
||||
if (!text) return text;
|
||||
var txt = dompurify__WEBPACK_IMPORTED_MODULE_0___default.a.sanitize(sanitizeMore(text, config));
|
||||
return txt;
|
||||
};
|
||||
var lineBreakRegex = /<br\s*\/?>/gi;
|
||||
@ -22578,7 +22586,8 @@ __webpack_require__.r(__webpack_exports__);
|
||||
/* harmony import */ var _logger__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! ../../logger */ "./src/logger.js");
|
||||
/* harmony import */ var _utils__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! ../../utils */ "./src/utils.js");
|
||||
/* harmony import */ var _mermaidAPI__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! ../../mermaidAPI */ "./src/mermaidAPI.js");
|
||||
/* harmony import */ var _config__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(/*! ../../config */ "./src/config.js");
|
||||
/* harmony import */ var _common_common__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(/*! ../common/common */ "./src/diagrams/common/common.js");
|
||||
/* harmony import */ var _config__WEBPACK_IMPORTED_MODULE_4__ = __webpack_require__(/*! ../../config */ "./src/config.js");
|
||||
function _typeof(obj) { "@babel/helpers - typeof"; if (typeof Symbol === "function" && typeof Symbol.iterator === "symbol") { _typeof = function _typeof(obj) { return typeof obj; }; } else { _typeof = function _typeof(obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj; }; } return _typeof(obj); }
|
||||
|
||||
|
||||
@ -22586,6 +22595,7 @@ function _typeof(obj) { "@babel/helpers - typeof"; if (typeof Symbol === "functi
|
||||
|
||||
|
||||
|
||||
|
||||
var clone = function clone(o) {
|
||||
return JSON.parse(JSON.stringify(o));
|
||||
};
|
||||
@ -22749,7 +22759,7 @@ var addState = function addState(id, type, doc, descr, note) {
|
||||
}
|
||||
}
|
||||
|
||||
if (note) currentDocument.states[id].note = note;
|
||||
if (note) currentDocument.states[id].note = _common_common__WEBPACK_IMPORTED_MODULE_3__["default"].sanitizeText(note, _config__WEBPACK_IMPORTED_MODULE_4__["getConfig"]());
|
||||
};
|
||||
var clear = function clear() {
|
||||
documents = {
|
||||
@ -22797,7 +22807,7 @@ var addRelation = function addRelation(_id1, _id2, title) {
|
||||
currentDocument.relations.push({
|
||||
id1: id1,
|
||||
id2: id2,
|
||||
title: title
|
||||
title: _common_common__WEBPACK_IMPORTED_MODULE_3__["default"].sanitizeText(title, _config__WEBPACK_IMPORTED_MODULE_4__["getConfig"]())
|
||||
});
|
||||
};
|
||||
|
||||
@ -22809,7 +22819,7 @@ var addDescription = function addDescription(id, _descr) {
|
||||
descr = descr.substr(1).trim();
|
||||
}
|
||||
|
||||
theState.descriptions.push(descr);
|
||||
theState.descriptions.push(_common_common__WEBPACK_IMPORTED_MODULE_3__["default"].sanitizeText(descr, _config__WEBPACK_IMPORTED_MODULE_4__["getConfig"]()));
|
||||
};
|
||||
|
||||
var cleanupLabel = function cleanupLabel(label) {
|
||||
@ -22860,7 +22870,7 @@ var trimColon = function trimColon(str) {
|
||||
/* harmony default export */ __webpack_exports__["default"] = ({
|
||||
parseDirective: parseDirective,
|
||||
getConfig: function getConfig() {
|
||||
return _config__WEBPACK_IMPORTED_MODULE_3__["getConfig"]().state;
|
||||
return _config__WEBPACK_IMPORTED_MODULE_4__["getConfig"]().state;
|
||||
},
|
||||
addState: addState,
|
||||
clear: clear,
|
||||
@ -22909,11 +22919,12 @@ __webpack_require__.r(__webpack_exports__);
|
||||
/* harmony import */ var _dagre_wrapper_index_js__WEBPACK_IMPORTED_MODULE_5__ = __webpack_require__(/*! ../../dagre-wrapper/index.js */ "./src/dagre-wrapper/index.js");
|
||||
/* harmony import */ var _logger__WEBPACK_IMPORTED_MODULE_6__ = __webpack_require__(/*! ../../logger */ "./src/logger.js");
|
||||
/* harmony import */ var _utils__WEBPACK_IMPORTED_MODULE_7__ = __webpack_require__(/*! ../../utils */ "./src/utils.js");
|
||||
/* harmony import */ var _common_common__WEBPACK_IMPORTED_MODULE_8__ = __webpack_require__(/*! ../common/common */ "./src/diagrams/common/common.js");
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
// import { evaluate } from '../common/common';
|
||||
|
||||
|
||||
|
||||
@ -22963,7 +22974,7 @@ var setupNode = function setupNode(g, parent, node, altFlag) {
|
||||
nodeDb[node.id] = {
|
||||
id: node.id,
|
||||
shape: shape,
|
||||
description: node.id,
|
||||
description: _common_common__WEBPACK_IMPORTED_MODULE_8__["default"].sanitizeText(node.id, Object(_config__WEBPACK_IMPORTED_MODULE_4__["getConfig"])()),
|
||||
classes: 'statediagram-state'
|
||||
};
|
||||
} // Build of the array of description strings accordinging
|
||||
|
2
dist/mermaid.core.js.map
vendored
2
dist/mermaid.core.js.map
vendored
File diff suppressed because one or more lines are too long
64090
dist/mermaid.js
vendored
64090
dist/mermaid.js
vendored
File diff suppressed because one or more lines are too long
2
dist/mermaid.js.map
vendored
2
dist/mermaid.js.map
vendored
File diff suppressed because one or more lines are too long
12
dist/mermaid.min.js
vendored
12
dist/mermaid.min.js
vendored
File diff suppressed because one or more lines are too long
2
dist/mermaid.min.js.map
vendored
2
dist/mermaid.min.js.map
vendored
File diff suppressed because one or more lines are too long
@ -148,7 +148,13 @@ export const addState = function (id, type, doc, descr, note) {
|
||||
}
|
||||
}
|
||||
|
||||
if (note) currentDocument.states[id].note = common.sanitizeText(note, configApi.getConfig());
|
||||
if (note) {
|
||||
currentDocument.states[id].note = note;
|
||||
currentDocument.states[id].note.text = common.sanitizeText(
|
||||
currentDocument.states[id].note.text,
|
||||
configApi.getConfig()
|
||||
);
|
||||
}
|
||||
};
|
||||
|
||||
export const clear = function () {
|
||||
|
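Review bot: The added `if (note) { … }` block in `addState` stores the caller's `note` object by reference and then overwrites its `text`, so the object handed in by the caller is mutated, and only `text` goes through `sanitizeText` while every other property on `note` is stored as received. Building a fresh object keeps the sanitized value separate from the input: `currentDocument.states[id].note = Object.assign({}, note, { text: common.sanitizeText(note.text, configApi.getConfig()) });`. If any other note field can reach rendered markup (not visible from this hunk), it should pass through the same sanitizer or be checked against its expected values. `addState` begins above the hunk, so the shape of `note` is inferred from this use alone.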