From c4bb0a116efb8d95dcf7edd92424795ea919660f Mon Sep 17 00:00:00 2001
From: Cindy Pallares
Date: Wed, 28 Nov 2018 18:39:27 +0000
Subject: Merge branch 'security-mermaid-xss' into 'master'

[master] Fix XSS in mermaid diagrams

See merge request gitlab/gitlabhq!2597
---
 app/assets/javascripts/behaviors/markdown/render_mermaid.js | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'app/assets')

diff --git a/app/assets/javascripts/behaviors/markdown/render_mermaid.js b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
index 720f30e18e6..35380ca49fb 100644
--- a/app/assets/javascripts/behaviors/markdown/render_mermaid.js
+++ b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
@@ -26,6 +26,9 @@ export default function renderMermaid($els) {
 },
 // mermaidAPI options
 theme: 'neutral',
+ flowchart: {
+ htmlLabels: false,
+ },
 });
 
 $els.each((i, el) => {
--
cgit v1.2.1
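Review bot: The added `flowchart: { htmlLabels: false }` entry has no comment marking it as a security control, so a later change that wants rich labels could switch it back and reopen the XSS this commit closes. I would put `// Security: diagram source is user-supplied, so labels must render as SVG text, never as HTML (XSS).` directly above it. The option is scoped to flowcharts only, and nothing in the hunk shows how labels of other diagram types are rendered or how the generated SVG is inserted into the page, so those paths should be confirmed separately. The diffstat lists only this file, so a spec that renders a diagram with markup in a label and asserts that no HTML element is produced would keep the fix from regressing. renderMermaid's body starts and ends outside the hunk.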