Diffstat (limited to 'app/assets/javascripts/drawio/drawio_editor.js')
-rw-r--r-- | app/assets/javascripts/drawio/drawio_editor.js | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/app/assets/javascripts/drawio/drawio_editor.js b/app/assets/javascripts/drawio/drawio_editor.js
index 06e7f536426..9668c2835ce 100644
--- a/app/assets/javascripts/drawio/drawio_editor.js
+++ b/app/assets/javascripts/drawio/drawio_editor.js
@@ -9,6 +9,7 @@ import {
   DRAWIO_FRAME_ID,
   DIAGRAM_BACKGROUND_COLOR,
   DRAWIO_IFRAME_TIMEOUT,
+  DIAGRAM_MAX_SIZE,
 } from './constants';
 
 function updateDrawioEditorState(drawIOEditorState, data) {
@@ -109,14 +110,24 @@ async function loadExistingDiagram(drawIOEditorState, editorFacade) {
   try {
     diagram = await editorFacade.getDiagram();
   } catch (e) {
-    throw new Error(__('Cannot load the diagram into the draw.io editor'));
+    throw new Error(__('Cannot load the diagram into the diagrams.net editor'));
   }
 
   if (diagram) {
-    const { diagramMarkdown, filename, diagramSvg, contentType } = diagram;
+    const { diagramMarkdown, filename, diagramSvg, contentType, diagramURL } = diagram;
+    const resolvedURL = new URL(diagramURL, window.location.origin);
+    const diagramSvgSize = new Blob([diagramSvg]).size;
 
     if (contentType !== 'image/svg+xml') {
-      throw new Error(__('The selected image is not a diagram'));
+      throw new Error(__('The selected image is not a valid SVG diagram'));
+    }
+
+    if (resolvedURL.origin !== window.location.origin) {
+      throw new Error(__('The selected image is not an asset uploaded in the application'));
+    }
+
+    if (diagramSvgSize > DIAGRAM_MAX_SIZE) {
+      throw new Error(__('The selected image is too large.'));
     }
 
     updateDrawioEditorState(drawIOEditorState, {
@@ -142,7 +153,7 @@ async function prepareEditor(drawIOEditorState, editorFacade) {
 
   try {
     await loadExistingDiagram(drawIOEditorState, editorFacade);
-    iframe.style.visibility = '';
+    iframe.style.visibility = 'visible';
     iframe.style.cursor = '';
     window.scrollTo(0, 0);
   } catch (e) {
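Review bot: The origin check in loadExistingDiagram accepts a diagram whose `diagramURL` is missing, because `new URL(diagramURL, window.location.origin)` stringifies `undefined` to the relative path "undefined" and resolves it to a same-origin URL, so `resolvedURL.origin` equals `window.location.origin` and the "not an asset uploaded in the application" guard never fires; a malformed value instead throws a raw TypeError outside the translated error messages used everywhere else in this function. A type guard before the parse closes both gaps: `if (typeof diagramURL !== 'string' || diagramURL === '') { throw new Error(__('The selected image is not an asset uploaded in the application')); }`. The check also compares origins only, so if "uploaded in the application" is meant to be narrower than "same origin" (presumably an uploads path), that should be stated in a comment or enforced on `resolvedURL.pathname` — I cannot tell from the hunk which is intended. The body of loadExistingDiagram continues outside the hunk.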
@@ -212,23 +223,15 @@ function createEditorIFrame(drawIOEditorState) {
   setAttributes(iframe, {
     id: DRAWIO_FRAME_ID,
     src: DRAWIO_EDITOR_URL,
+    class: 'drawio-editor',
   });
 
-  iframe.style.position = 'absolute';
-  iframe.style.border = '0';
-  iframe.style.top = '0px';
-  iframe.style.left = '0px';
-  iframe.style.width = '100%';
-  iframe.style.height = '100%';
-  iframe.style.zIndex = '1100';
-  iframe.style.visibility = 'hidden';
-
   document.body.appendChild(iframe);
 
   setTimeout(() => {
     if (drawIOEditorState.initialized === false) {
       disposeDrawioEditor(drawIOEditorState);
-      createAlert({ message: __('The draw.io editor could not be loaded.') });
+      createAlert({ message: __('The diagrams.net editor could not be loaded.') });
     }
   }, DRAWIO_IFRAME_TIMEOUT);
|
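Review bot: The iframe's initial hidden state is no longer visible in this file: the removed `iframe.style.visibility = 'hidden'` is presumably now provided by the `.drawio-editor` stylesheet rule, which is not part of this diff, while prepareEditor still flips `iframe.style.visibility = 'visible'` after the diagram loads. That coupling deserves a comment at the new `class: 'drawio-editor',` line, e.g. `// .drawio-editor keeps the iframe hidden (and positioned over the page) until prepareEditor sets visibility after a successful load`, so the next change to the stylesheet does not leave the editor blank or prematurely visible. createEditorIFrame begins and ends outside the hunk.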