Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Faulty cleaning of arrowMarkerUrls #4446

Closed
knsv opened this issue Jun 1, 2023 · 0 comments
Closed

Faulty cleaning of arrowMarkerUrls #4446

knsv opened this issue Jun 1, 2023 · 0 comments
Assignees
@knsv
Labels
Status: Triage Needs to be verified, categorized, etc Type: Bug / Error Something isn't working or is incorrect

Comments

@knsv
Copy link
Collaborator

knsv commented Jun 1, 2023
edited
Loading

Description

The cleaning of arrowMarkerUrls can be too aggressive and can result in errors in some cases. This can be exploited to do css injections.

Steps to reproduce

...

Screenshots

No response

Code Sample

No response

Setup

  • Mermaid version:
  • Browser and Version: [Chrome, Edge, Firefox]

Additional Context

No response
@knsv knsv added Type: Bug / Error Something isn't working or is incorrect Status: Triage Needs to be verified, categorized, etc labels Jun 1, 2023
@knsv knsv self-assigned this Jun 1, 2023
knsv added a commit that referenced this issue Jun 1, 2023
@knsv
#4446 Updating the cleanup criteria
7b6cb4f
@knsv knsv mentioned this issue Jun 1, 2023
Merged
4 tasks
knsv added a commit that referenced this issue Jun 1, 2023
@knsv
#4446 Improved regular expression
55092f5
knsv added a commit that referenced this issue Jun 1, 2023
@knsv
Merge pull request #4447 from mermaid-js/4446-handling-of-arrowMarker…
7cdb15c 
…-urls

#4446 Updating the cleanup criteria
@knsv knsv closed this as completed Jun 2, 2023
sidharthv96 added a commit that referenced this issue Jun 12, 2023
@sidharthv96
Merge branch 'develop' into sidv/splitUnicode
c85e479 
* develop:
  Update docs
  Rename info to note
  Rename "info" to "note"
  Update all patch dependencies
  Fix Directives Documentation
  Update tutorial link
  Run build
  Fix link to Tutorials from n00b-overview page
  UPdated version to 10.2.3
  Remove old changelog
  Remove old changelog
  Setting version to 10.2.2
  #4446 Improved regular expression
  #4446 Updating the cleanup criteria
  #4438 Reverted to the changes from #4285
  Fix download
  Fix compile error in docs.
  Fix Contributor link in homepage
  Update docs
  Add hint on "flowchart" and "graph" (and some more styling)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@knsv knsv

Labels
Status: Triage Needs to be verified, categorized, etc Type: Bug / Error Something isn't working or is incorrect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@knsv