diff options
author | Steve Azzopardi <sazzopardi@gitlab.com> | 2018-11-23 14:45:46 +0000 |
---|---|---|
committer | Steve Azzopardi <sazzopardi@gitlab.com> | 2018-11-23 14:45:46 +0000 |
commit | 19f66b80b6a98cacfc92af00825f051a8c211f8a (patch) | |
tree | 858f7c7f092be1cf1886e3ba047796c1a096ff82 /app | |
parent | 6cbaa35c36eac07ee44e39b64f5277d2bd9be56b (diff) | |
parent | 4db692244c38db15bb9b7e47669a9712a5b55d69 (diff) | |
download | gitlab-ce-19f66b80b6a98cacfc92af00825f051a8c211f8a.tar.gz |
Merge branch 'security-mermaid-xss-11-4' into 'security-11-4'
[11.4] Fix XSS in mermaid diagrams
See merge request gitlab/gitlabhq!2622
Diffstat (limited to 'app')
-rw-r--r-- | app/assets/javascripts/behaviors/markdown/render_mermaid.js | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/app/assets/javascripts/behaviors/markdown/render_mermaid.js b/app/assets/javascripts/behaviors/markdown/render_mermaid.js index 56b1896e9f1..4abea532d56 100644 --- a/app/assets/javascripts/behaviors/markdown/render_mermaid.js +++ b/app/assets/javascripts/behaviors/markdown/render_mermaid.js @@ -25,6 +25,9 @@ export default function renderMermaid($els) { }, // mermaidAPI options theme: 'neutral', + flowchart: { + htmlLabels: false, + }, }); $els.each((i, el) => { |