Merge branch 'sh-update-mermaid' into 'master'
Update Mermaid to v8.2.3 Closes #64601 See merge request gitlab-org/gitlab-ce!30985
This commit is contained in:
commit
d77bd32cbe
|
@ -33,6 +33,7 @@ export default function renderMermaid($els) {
|
|||
flowchart: {
|
||||
htmlLabels: false,
|
||||
},
|
||||
securityLevel: 'strict',
|
||||
});
|
||||
|
||||
$els.each((i, el) => {
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Update Mermaid to v8.2.3
|
||||
merge_request: 30985
|
||||
author:
|
||||
type: fixed
|
|
@ -96,7 +96,7 @@
|
|||
"jszip-utils": "^0.0.2",
|
||||
"katex": "^0.10.0",
|
||||
"marked": "^0.3.12",
|
||||
"mermaid": "^8.1.0",
|
||||
"mermaid": "^8.2.3",
|
||||
"monaco-editor": "^0.15.6",
|
||||
"monaco-editor-webpack-plugin": "^1.7.0",
|
||||
"mousetrap": "^1.4.6",
|
||||
|
|
|
@ -41,16 +41,17 @@ describe "User comments on issue", :js do
|
|||
expect(page.find('pre code').text).to eq code_block_content
|
||||
end
|
||||
|
||||
it "does not render html content in mermaid" do
|
||||
it "renders escaped HTML content in Mermaid" do
|
||||
html_content = "<img onerror=location=`javascript\\u003aalert\\u0028document.domain\\u0029` src=x>"
|
||||
mermaid_content = "graph LR\n B-->D(#{html_content});"
|
||||
escaped_content = CGI.escapeHTML(html_content).gsub('=', "=")
|
||||
comment = "```mermaid\n#{mermaid_content}\n```"
|
||||
|
||||
add_note(comment)
|
||||
|
||||
wait_for_requests
|
||||
|
||||
expect(page.find('svg.mermaid')).to have_content html_content
|
||||
expect(page.find('svg.mermaid')).to have_content escaped_content
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue