GitHub/mermaid
1
0
Fork 0
mirror of https://github.com/mermaid-js/mermaid.git synced 2025-01-28 07:03:17 +08:00
Code Issues Projects Releases Wiki Activity

Merge pull request #6079 from aloisklink/chore/update-to-dompurify-3.2.1

Browse Source 
fix: update dompurify to `^3.2.1` and remove `@types/dompurify`
This commit is contained in:
Ashish Jain 2024-11-26 10:48:23 +01:00 committed by GitHub
commit dfaaf361f3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 19 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.changeset/neat-rabbits-bake.md Normal file
View File

@ -0,0 +1,5 @@
---
'mermaid': patch
---
Bump dompurify to `^3.2.1`. This removes the need for `@types/dompurify`.

3
packages/mermaid/package.json
View File

@ -71,7 +71,6 @@
"@iconify/utils": "^2.1.32", "@iconify/utils": "^2.1.32",
"@mermaid-js/parser": "workspace:^", "@mermaid-js/parser": "workspace:^",
"@types/d3": "^7.4.3", "@types/d3": "^7.4.3",
"@types/dompurify": "^3.0.5",
"cytoscape": "^3.29.2", "cytoscape": "^3.29.2",
"cytoscape-cose-bilkent": "^4.1.0", "cytoscape-cose-bilkent": "^4.1.0",
"cytoscape-fcose": "^2.2.0", "cytoscape-fcose": "^2.2.0",
@ -79,7 +78,7 @@
"d3-sankey": "^0.12.3", "d3-sankey": "^0.12.3",
"dagre-d3-es": "7.0.11", "dagre-d3-es": "7.0.11",
"dayjs": "^1.11.10", "dayjs": "^1.11.10",
"dompurify": "^3.0.11 <3.1.7", "dompurify": "^3.2.1",
"katex": "^0.16.9", "katex": "^0.16.9",
"khroma": "^2.1.0", "khroma": "^2.1.0",
"lodash-es": "^4.17.21", "lodash-es": "^4.17.21",

9
packages/mermaid/src/diagrams/common/common.ts
View File

@ -32,14 +32,14 @@ const setupDompurifyHooksIfNotSetup = (() => {
function setupDompurifyHooks() { function setupDompurifyHooks() {
const TEMPORARY_ATTRIBUTE = 'data-temp-href-target'; const TEMPORARY_ATTRIBUTE = 'data-temp-href-target';
DOMPurify.addHook('beforeSanitizeAttributes', (node: Element) => { DOMPurify.addHook('beforeSanitizeAttributes', (node) => {
if (node.tagName === 'A' && node.hasAttribute('target')) { if (node instanceof Element && node.tagName === 'A' && node.hasAttribute('target')) {
node.setAttribute(TEMPORARY_ATTRIBUTE, node.getAttribute('target') ?? ''); node.setAttribute(TEMPORARY_ATTRIBUTE, node.getAttribute('target') ?? '');
} }
}); });
DOMPurify.addHook('afterSanitizeAttributes', (node: Element) => { DOMPurify.addHook('afterSanitizeAttributes', (node) => {
if (node.tagName === 'A' && node.hasAttribute(TEMPORARY_ATTRIBUTE)) { if (node instanceof Element && node.tagName === 'A' && node.hasAttribute(TEMPORARY_ATTRIBUTE)) {
node.setAttribute('target', node.getAttribute(TEMPORARY_ATTRIBUTE) ?? ''); node.setAttribute('target', node.getAttribute(TEMPORARY_ATTRIBUTE) ?? '');
node.removeAttribute(TEMPORARY_ATTRIBUTE); node.removeAttribute(TEMPORARY_ATTRIBUTE);
if (node.getAttribute('target') === '_blank') { if (node.getAttribute('target') === '_blank') {
@ -83,7 +83,6 @@ export const sanitizeText = (text: string, config: MermaidConfig): string => {
return text; return text;
} }
if (config.dompurifyConfig) { if (config.dompurifyConfig) {
// eslint-disable-next-line @typescript-eslint/no-base-to-string
text = DOMPurify.sanitize(sanitizeMore(text, config), config.dompurifyConfig).toString(); text = DOMPurify.sanitize(sanitizeMore(text, config), config.dompurifyConfig).toString();
} else { } else {
text = DOMPurify.sanitize(sanitizeMore(text, config), { text = DOMPurify.sanitize(sanitizeMore(text, config), {

1
packages/mermaid/src/mermaidAPI.ts
View File

@ -455,6 +455,7 @@ const render = async function (
svgCode = DOMPurify.sanitize(svgCode, { svgCode = DOMPurify.sanitize(svgCode, {
ADD_TAGS: DOMPURIFY_TAGS, ADD_TAGS: DOMPURIFY_TAGS,
ADD_ATTR: DOMPURIFY_ATTR, ADD_ATTR: DOMPURIFY_ATTR,
HTML_INTEGRATION_POINTS: { foreignobject: true },
}); });
} }

24
pnpm-lock.yaml generated
View File

@ -226,9 +226,6 @@ importers:
'@types/d3': '@types/d3':
specifier: ^7.4.3 specifier: ^7.4.3
version: 7.4.3 version: 7.4.3
'@types/dompurify':
specifier: ^3.0.5
version: 3.0.5
cytoscape: cytoscape:
specifier: ^3.29.2 specifier: ^3.29.2
version: 3.30.2 version: 3.30.2
@ -251,8 +248,8 @@ importers:
specifier: ^1.11.10 specifier: ^1.11.10
version: 1.11.13 version: 1.11.13
dompurify: dompurify:
specifier: ^3.0.11 <3.1.7 specifier: ^3.2.1
version: 3.1.6 version: 3.2.1
katex: katex:
specifier: ^0.16.9 specifier: ^0.16.9
version: 0.16.11 version: 0.16.11
@ -2768,9 +2765,6 @@ packages:
'@types/debug@4.1.12': '@types/debug@4.1.12':
resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==} resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==}
'@types/dompurify@3.0.5':
resolution: {integrity: sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg==}
'@types/estree@0.0.39': '@types/estree@0.0.39':
resolution: {integrity: sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw==} resolution: {integrity: sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw==}
@ -4720,8 +4714,8 @@ packages:
resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==} resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==}
engines: {node: '>= 4'} engines: {node: '>= 4'}
dompurify@3.1.6: dompurify@3.2.1:
resolution: {integrity: sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ==} resolution: {integrity: sha512-NBHEsc0/kzRYQd+AY6HR6B/IgsqzBABrqJbpCDQII/OK6h7B7LXzweZTDsqSW2LkTRpoxf18YUP+YjGySk6B3w==}
domutils@3.1.0: domutils@3.1.0:
resolution: {integrity: sha512-H78uMmQtI2AhgDJjWeQmHwJJ2bLPD3GMmO7Zja/ZZh84wkm+4ut+IUnUdRa8uCGX88DiVx1j6FRe1XfxEgjEZA==} resolution: {integrity: sha512-H78uMmQtI2AhgDJjWeQmHwJJ2bLPD3GMmO7Zja/ZZh84wkm+4ut+IUnUdRa8uCGX88DiVx1j6FRe1XfxEgjEZA==}
@ -12125,10 +12119,6 @@ snapshots:
dependencies: dependencies:
'@types/ms': 0.7.34 '@types/ms': 0.7.34
'@types/dompurify@3.0.5':
dependencies:
'@types/trusted-types': 2.0.7
'@types/estree@0.0.39': {} '@types/estree@0.0.39': {}
'@types/estree@1.0.6': {} '@types/estree@1.0.6': {}
@ -12970,7 +12960,7 @@ snapshots:
antlr4: 4.11.0 antlr4: 4.11.0
color-string: 1.9.1 color-string: 1.9.1
dom-to-image-more: 2.16.0 dom-to-image-more: 2.16.0
dompurify: 3.1.6 dompurify: 3.2.1
file-saver: 2.0.5 file-saver: 2.0.5
highlight.js: 10.7.3 highlight.js: 10.7.3
html-to-image: 1.11.11 html-to-image: 1.11.11
@ -14509,7 +14499,9 @@ snapshots:
dependencies: dependencies:
domelementtype: 2.3.0 domelementtype: 2.3.0
dompurify@3.1.6: {} dompurify@3.2.1:
optionalDependencies:
'@types/trusted-types': 2.0.7
domutils@3.1.0: domutils@3.1.0:
dependencies: dependencies:

1
scripts/tsc-check.ts
View File

@ -38,7 +38,6 @@ const SRC = {
// to match the real `package.json` values // to match the real `package.json` values
'type-fest': '*', 'type-fest': '*',
'@types/d3': '^7.4.3', '@types/d3': '^7.4.3',
'@types/dompurify': '^3.0.5',
typescript: '*', typescript: '*',
}, },
}, },