Improve the wording of security level values #4395

Merged
merged 1 commit into from
May 15, 2023
12 changes: 6 additions & 6 deletions packages/mermaid/src/defaultConfig.ts
Expand Up @@ -88,13 +88,13 @@ const config: Partial<MermaidConfig> = {
*
* **Notes**:
*
* - **strict**: (**default**) tags in text are encoded, click functionality is disabled
* - **loose**: tags in text are allowed, click functionality is enabled
* - **antiscript**: html tags in text are allowed, (only script element is removed), click
* functionality is enabled
* - **sandbox**: With this security level all rendering takes place in a sandboxed iframe. This
* - **strict**: (**default**) HTML tags in the text are encoded and click functionality is disabled.
* - **antiscript**: HTML tags in text are allowed (only script elements are removed), and click
* functionality is enabled.
* - **loose**: HTML tags in text are allowed and click functionality is enabled.
* - **sandbox**: With this security level, all rendering takes place in a sandboxed iframe. This
* prevent any JavaScript from running in the context. This may hinder interactive functionality
* of the diagram like scripts, popups in sequence diagram or links to other tabs/targets etc.
* of the diagram, like scripts, popups in the sequence diagram, links to other tabs or targets, etc.
*/
securityLevel: 'strict',
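Review bot: The sandbox entry still reads "This prevent any JavaScript from running in the context": the sentence starts on the re-worded line ending in "This" and continues on the unchanged line below it, so the grammar slip survived this wording pass. Change it to "This prevents" and re-wrap the comment. "in the context" also does not say which context is meant, and naming it would make the entry clearer. Minor: the antiscript entry here has a comma before "and click functionality is enabled" while the same entry in usage.md does not; pick one form for both files.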

8 changes: 4 additions & 4 deletions packages/mermaid/src/docs/config/usage.md
Expand Up @@ -106,10 +106,10 @@ A `securityLevel` configuration has to first be cleared. `securityLevel` sets th

Values:

- **strict**: (**default**) tags in text are encoded, click functionality is disabled
- **loose**: tags in text are allowed, click functionality is enabled
- **antiscript**: html tags in text are allowed, (only script element is removed), click functionality is enabled
- **sandbox**: With this security level all rendering takes place in a sandboxed iframe. This prevent any JavaScript running in the context. This may hinder interactive functionality of the diagram like scripts, popups in sequence diagram or links to other tabs/targets etc.
- **strict**: (**default**) HTML tags in the text are encoded and click functionality is disabled.
- **antiscript**: HTML tags in text are allowed (only script elements are removed) and click functionality is enabled.
- **loose**: HTML tags in text are allowed and click functionality is enabled.
- **sandbox**: With this security level, all rendering takes place in a sandboxed iframe. This prevent any JavaScript from running in the context. This may hinder interactive functionality of the diagram, like scripts, popups in the sequence diagram, links to other tabs or targets, etc.

```note
This changes the default behaviour of mermaid so that after upgrade to 8.2, unless the `securityLevel` is not changed, tags in flowcharts are encoded as tags and clicking is disabled.
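Review bot: The new loose entry is the antiscript entry minus "(only script elements are removed)", so a reader has to infer from the omission what loose adds. If loose leaves script elements in place, say so in the loose entry, since this list is what people read when choosing a security level. The added sandbox line also keeps "This prevent", which should be "This prevents", and "popups in the sequence diagram" reads as one specific diagram where the old text meant sequence diagrams in general.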