Limit number of characters allowed in mermaidjs
parent
9a4ef1e373
commit
0ea350965d
|
@ -1,4 +1,5 @@
|
|||
import flash from '~/flash';
|
||||
import { sprintf, __ } from '../../locale';
|
||||
|
||||
// Renders diagrams and flowcharts from text using Mermaid in any element with the
|
||||
// `js-render-mermaid` class.
|
||||
|
@ -14,6 +15,9 @@ import flash from '~/flash';
|
|||
// </pre>
|
||||
//
|
||||
|
||||
// This is an arbitary number; Can be iterated upon when suitable.
|
||||
const MAX_CHAR_LIMIT = 5000;
|
||||
|
||||
export default function renderMermaid($els) {
|
||||
if (!$els.length) return;
|
||||
|
||||
|
@ -34,6 +38,21 @@ export default function renderMermaid($els) {
|
|||
$els.each((i, el) => {
|
||||
const source = el.textContent;
|
||||
|
||||
/**
|
||||
* Restrict the rendering to a certain amount of character to
|
||||
* prevent mermaidjs from hanging up the entire thread and
|
||||
* causing a DoS.
|
||||
*/
|
||||
if (source && source.length > MAX_CHAR_LIMIT) {
|
||||
el.textContent = sprintf(
|
||||
__(
|
||||
'Cannot render the image. Maximum character count (%{charLimit}) has been exceeded.',
|
||||
),
|
||||
{ charLimit: MAX_CHAR_LIMIT },
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
||||
// Remove any extra spans added by the backend syntax highlighting.
|
||||
Object.assign(el, { textContent: source });
|
||||
|
||||
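Review bot: The cap in the `$els.each` callback is checked per element (`source.length > MAX_CHAR_LIMIT`), so a page holding many diagrams that each stay under 5000 characters is still handed to mermaid in full on the same thread; the DoS described in the block comment looks only partly covered. Consider also keeping a running total across the loop and refusing further renders once a page-level budget is spent, e.g. `totalChars += source.length; if (totalChars > MAX_PAGE_CHAR_LIMIT) { /* show the same message */ return; }`, where `MAX_PAGE_CHAR_LIMIT` is a new constant still to be chosen. The comment on the constant would be clearer as `// Arbitrary cap on one diagram's source length (UTF-16 code units); revisit once render cost is measured.`, which also fixes the "arbitary" typo. The rest of `renderMermaid` lies outside the hunk, so whether the mermaid call is bounded in some other way cannot be seen from here.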
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Limit mermaid rendering to 5K characters
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -1299,6 +1299,9 @@ msgstr ""
|
|||
msgid "Cannot modify managed Kubernetes cluster"
|
||||
msgstr ""
|
||||
|
||||
msgid "Cannot render the image. Maximum character count (%{charLimit}) has been exceeded."
|
||||
msgstr ""
|
||||
|
||||
msgid "Certificate"
|
||||
msgstr ""
|
||||
|
||||
|
|