From b8e14b583ce3e4655ebb06577ce621d06f546e71 Mon Sep 17 00:00:00 2001 From: Rajat Jain Date: Fri, 13 Sep 2019 17:53:14 +0530 Subject: Only render fixed number of mermaid blocks --- app/assets/javascripts/behaviors/markdown/render_mermaid.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'app') diff --git a/app/assets/javascripts/behaviors/markdown/render_mermaid.js b/app/assets/javascripts/behaviors/markdown/render_mermaid.js index 27708504791..c3e2c09f1d5 100644 --- a/app/assets/javascripts/behaviors/markdown/render_mermaid.js +++ b/app/assets/javascripts/behaviors/markdown/render_mermaid.js @@ -36,6 +36,8 @@ export default function renderMermaid($els) { securityLevel: 'strict', }); + let renderedChars = 0; + $els.each((i, el) => { // Mermaid doesn't like `
` tags, so collapse all like tags into `
`, which is parsed correctly. const source = el.textContent.replace(//g, '
'); @@ -45,7 +47,7 @@ export default function renderMermaid($els) { * prevent mermaidjs from hanging up the entire thread and * causing a DoS. */ - if (source && source.length > MAX_CHAR_LIMIT) { + if ((source && source.length > MAX_CHAR_LIMIT) || renderedChars > MAX_CHAR_LIMIT) { el.textContent = sprintf( __( 'Cannot render the image. Maximum character count (%{charLimit}) has been exceeded.', @@ -55,6 +57,7 @@ export default function renderMermaid($els) { return; } + renderedChars += source.length; // Remove any extra spans added by the backend syntax highlighting. Object.assign(el, { textContent: source }); -- cgit v1.2.1
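Review bot: `renderedChars` is declared inside `renderMermaid` in the first hunk, so the cumulative budget starts from zero on every call. The callers are not visible here, but if the function is invoked once per markdown container, each container gets a fresh MAX_CHAR_LIMIT and the page-wide total stays unbounded. If the guard is meant to cover the whole page, the counter would need to live at module scope. Either way the declaration deserves a comment such as `// Running total of characters handed to mermaid in this call; caps cumulative render work.` The function body starts and ends outside the hunk.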
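Review bot: The cumulative test `renderedChars > MAX_CHAR_LIMIT` in the second hunk runs before the current block is counted, so a block is still rendered when the running total sits at or just under the limit. The total passed to mermaid can therefore reach almost twice MAX_CHAR_LIMIT. Checking the prospective total closes that gap and also subsumes the per-block test: `if (renderedChars + source.length > MAX_CHAR_LIMIT) {`. Blocks rejected by the cumulative branch reuse the per-block message, which will look wrong on a short diagram, so a separate string for that case would be clearer. In the third hunk, `renderedChars += source.length;` sits directly above the unrelated "Remove any extra spans" comment and would read better with a blank line after it.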