Add suppressErrorRendering option to avoid inserting 'Syntax error' message to DOM directly
#4359
Conversation
… message in diagram
* develop: (255 commits) chore(deps): update all minor dependencies chore: Run codecov based on E2E test status change REAMDME.md coverage from coveralls into codecov Add codecov.yaml Upload E2E set normal mode for vitest coverage Fix path name Add codecov to unit tests Add codecov to E2E chore: Add coverage scripts chore: add excludes chore: update deps Merge coverages Add coverage paths Rebuild chore: update pnpm Add coverage for E2E tests rename plugin variable into info in infoDetector.ts remove cypress/platform/index.html update pnpm-lock.yaml ...
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## develop #4359 +/- ##
========================================
Coverage 44.79% 44.79%
========================================
Files 25 25
Lines 5353 5353
Branches 27 27
========================================
Hits 2398 2398
Misses 2954 2954
Partials 1 1
Flags with carried forward coverage won't be shown. Click here to find out more. |
* develop: (595 commits) chore: Fix unit tests chore(deps): update all patch dependencies chore: Update docs Update docs New Mermaid Live Editor for Confluence Cloud (mermaid-js#4814) Update link to Discourse theme component (mermaid-js#4811) Update flowchart.md (mermaid-js#4810) chore: remove unneeded `CommomDB` chore: Update docs "CSS" instead of "css" in flowchart.md (mermaid-js#4797) Update CONTRIBUTING.md Update CONTRIBUTING.md fix: typos (mermaid-js#4801) chore: Align with convention fix: Add support for `~test Array~string~` chore: Add JSDoc to apply in sequenceDB refactor: Tidy up direction handling chore: Fix flowchart arrow chore: Add test to verify activate chore: Update tests snapshot ...
✅ Deploy Preview for mermaid-js ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
This is the current scenario 
This is what the user will see with the option set. |
|
@rhysd an empty SVG is still being inserted into the page. |
Oh, that's not the behaviour I expected. |
|
Fixed |
* develop: (37 commits) fix: Arrow markers in flowchart-elk Bump version chore: Fix type in 'getLineFunctionsWithOffset' Update cypress/platform/marker_unique_id.html refactor: Add getLineFunctionsWithOffset function refactor: Move EdgeData to types fix: PointStart marker refX Added cypress test chore(deps): update all patch dependencies refactor: Fix typings in utils.ts Give markers unique id's per graph chore: Add @internal to createCSSStyles chore: Bump version refactor: Remove unused variables fix: mermaid-js#4818 support `getClasses` in external diagrams. Remove unnecessary tests Remove optional chaining chore: Update docs refactor: Use `||` instead of `??` Update flowchart.md (mermaid-js#4798) ...
There was a problem hiding this comment.
Everything looks good to me, except that mermaid.render() won't throw any errors if there is a diag.renderer.draw() exception (unless suppressErrorRendering: true is set).
I think this might be a breaking change for the https://github.com/mermaid-js/mermaid-cli project, but I'm 90% sure this is just a typo by @sidharthv96 in 16c12a4 :)
By the way, does it make sense to add 'suppressErrorRendering' to the default secure key list:
mermaid/packages/mermaid/src/schemas/config.schema.yaml
Lines 150 to 158 in 4201e47
To be honest, doing something like the following seems pretty safe to me:
```mermaid
---
config:
suppressErrorRendering: true # should this be allowed by default??
---
flowchart
This diagram has an error in it
```But there is a small part of me that is worried that it might cause a denial-of-service attack if some third-party code is expecting Mermaid to return an SVG and it doesn't.
Co-authored-by: Alois Klink <alois@aloisklink.com>
Co-authored-by: Alois Klink <alois@aloisklink.com>
|
Added suppressErrorRendering to the secure flags. |
There was a problem hiding this comment.
Added
suppressErrorRenderingto the secure flags.
I don't see a reason for the individual diagrams to be modify the config.
👍 One last comment, there seems to be a race-condition in the E2E Cypress tests you added, but I've got a fix, see my comments :)
Other than that, everything seems great to me! It might be good to wait for @knsv to review, just to make sure there's no potential security issues with this change, but I think now that we've added supressErrorRendering to the secure flags, it should be okay.
Co-authored-by: Alois Klink <alois@aloisklink.com>
* develop: (154 commits) chore(deps): update all patch dependencies chore: release v10.6.1 fix(flow): fix invalid ellipseText regex review fixes Update XYChart's nav link in the docs template add comment for ts ignore move decodeEntities to utils review fixes chore(deps): update all minor dependencies chore: Point to correct changelog add spec fix: getMessageAPI so it considers entity codes chore(deps): update all patch dependencies Update integrations-community.md docs: upate the list of tools with native support of mermaid Fix typo in build-docs.yml Updated mermaid version Limiting the number of edges that are allowed in the flowchart Update README.md Update README.md ...
|
Can someone follow up on status here? |
…error_rendering I ran `pnpm run --filter mermaid docs:build` to fix merge conflicts in docs/config/setup/modules/mermaidAPI.md
github-actions
bot
added
the
Type: Bug / Error
I'd like @knsv (or somebody experienced with the |
* develop: (171 commits) Lint Remove echo RefTest Echo event Update cypress Fix applitools docs: fix lint docs: move community to Discord Swap condition blocks to avoid using negation Reposition const declaration to ideal place Change repetitive values into consts docs: fix swimm link Fix Update Browserslist Use pnpm/action-setup@v2 Fix lint Cleanup e2e.yml Ignore push events on merge queue Remove :: Remove :: Remove :: ...
|
This looks great! Lets merge it! |
* develop: (453 commits) chore: Minor fixes chore: Build docs Use develop as base on develop branch. Update renovate json update link update announcement and blog pages Remove `--force` flag Tweak editor.bash update link chore: update browsers list Update integrations-community: add Drupal and module. Support Firefox Address review comments Change run symbol feat: Make the examples interactive in the documentation site. Add langium chore: update browsers list chore(deps): update all patch dependencies chore(deps): update all minor dependencies Update keywords and description ...
sidharthv96
force-pushed
the
bug/4358_suppress_error_rendering
branch
from
63a77b0 to
ecfa149
Compare
|
@rhysd, Thank you for the contribution! |
Update mermaid to [v11](https://github.com/mermaid-js/mermaid/releases/tag/v11.0.0) and enable the new [`suppressErrorRendering` option](mermaid-js/mermaid#4359) to ensure mermaid never renders error elements into the DOM (we have per-chart error rendering, so don't need it). Tested various chart types. BTW, I was unable to reproduce that error rendering from mermaid with `suppressErrorRendering: false` and I thought we had some CSS to hide the error element, but I could not find it, not even in git history.
📑 Summary
This PR adds new boolean option
suppressErrorRendering. When it is set totrue, mermaid won't insert 'Syntax error' message to DOM directly so that the user can take full control on handling the error.Resolves #4358
Resolves #3205
📏 Design Decisions
I think there are two options to realize this feature:
mermaid.renderI chose the first one because (1) it should affect all APIs such as
mermaid.runand (2) adding new argument to the function should be avoided since it makes the API more complicated.📋 Tasks
Make sure you
mermaid.render. Please let me know if I'm missing something)developbranch