Merge branch 'security-mermaid-xss-11-4' into 'security-11-4'

[11.4] Fix XSS in mermaid diagrams See merge request gitlab/gitlabhq!2622
author: Steve Azzopardi <sazzopardi@gitlab.com> 2018-11-23 14:45:46 +0000
committer: Steve Azzopardi <sazzopardi@gitlab.com> 2018-11-23 14:45:46 +0000
commit: 19f66b80b6a98cacfc92af00825f051a8c211f8a (patch)
tree: 858f7c7f092be1cf1886e3ba047796c1a096ff82 /app
parent: 6cbaa35c36eac07ee44e39b64f5277d2bd9be56b (diff)
parent: 4db692244c38db15bb9b7e47669a9712a5b55d69 (diff)
download: gitlab-ce-19f66b80b6a98cacfc92af00825f051a8c211f8a.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/app/assets/javascripts/behaviors/markdown/render_mermaid.js b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
index 56b1896e9f1..4abea532d56 100644
--- a/app/assets/javascripts/behaviors/markdown/render_mermaid.js
+++ b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
@@ -25,6 +25,9 @@ export default function renderMermaid($els) {
       },
       // mermaidAPI options
       theme: 'neutral',
+      flowchart: {
+        htmlLabels: false,
+      },
     });
 
     $els.each((i, el) => {
author	Steve Azzopardi <sazzopardi@gitlab.com>	2018-11-23 14:45:46 +0000
committer	Steve Azzopardi <sazzopardi@gitlab.com>	2018-11-23 14:45:46 +0000
commit	19f66b80b6a98cacfc92af00825f051a8c211f8a (patch)
tree	858f7c7f092be1cf1886e3ba047796c1a096ff82 /app
parent	6cbaa35c36eac07ee44e39b64f5277d2bd9be56b (diff)
parent	4db692244c38db15bb9b7e47669a9712a5b55d69 (diff)
download	gitlab-ce-19f66b80b6a98cacfc92af00825f051a8c211f8a.tar.gz