GitHub/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-01-14 06:43:25 +08:00
Code Issues Projects Releases Wiki Activity

Missed test case for allowing site owner to append to secure field set

Browse Source 
Missed logic for default-appending src array values where not existing within dst array in assignWithDepth function
This commit is contained in:
chris moran 2020-07-08 08:41:35 -04:00
parent 5242672efb
commit dee47ec978
No known key found for this signature in database
GPG Key ID: FBD13F2A0E1B9152
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/mermaidAPI.spec.js
View File

@ -65,6 +65,28 @@ describe('when using mermaidAPI and ', function() {
expect(mermaidAPI.getSiteConfig()).toEqual(siteConfig)
expect(mermaidAPI.getConfig()).toEqual(siteConfig);
});
it('should allow site config secure to global defaults', function() {
let config = {
logLevel: 0,
secure: ['foo']
};
mermaidAPI.initialize(config);
const siteConfig = mermaidAPI.getSiteConfig();
expect(mermaidAPI.getConfig().logLevel).toBe(0);
expect(mermaidAPI.getConfig().secure).toContain('foo');
config = {
logLevel: 3,
securityLevel: 'loose',
secure: ['foo', 'bar']
};
mermaidAPI.reinitialize(config);
expect(mermaidAPI.getConfig().secure).toEqual(mermaidAPI.getSiteConfig().secure);
expect(mermaidAPI.getConfig().securityLevel).toBe('strict');
expect(mermaidAPI.getConfig().secure).not.toContain('bar');
mermaidAPI.reset();
expect(mermaidAPI.getSiteConfig()).toEqual(siteConfig)
expect(mermaidAPI.getConfig()).toEqual(siteConfig);
});
it('should prevent changes to site defaults (sneaky)', function() {
let config = {
logLevel: 0

7
src/utils.js
View File

@ -443,6 +443,13 @@ export const assignWithDepth = function(dst, src, config) {
if (Array.isArray(src) && !Array.isArray(dst)) {
src.forEach(s => assignWithDepth(dst, s, config));
return dst;
} else if (Array.isArray(src) && Array.isArray(dst)) {
src.forEach(s => {
if (dst.indexOf(s) === -1) {
dst.push(s);
}
});
return dst;
}
if (typeof dst === 'undefined' || depth <= 0) {
if (dst !== undefined && dst !== null && typeof dst === 'object' && typeof src === 'object') {