Commit 18c50468 authored by Kushal Pandya's avatar Kushal Pandya

Merge branch 'mermaid-whitelist' into 'master'

Whitelist pages in mermaid rendering

See merge request gitlab-org/gitlab!62451
parents 2b6812fd e1a4b221
......@@ -30,6 +30,24 @@ let renderedMermaidBlocks = 0;
let mermaidModule = {};
// Whitelist pages where we won't impose any restrictions
// on mermaid rendering
const WHITELISTED_PAGES = [
// Group wiki
'groups:wikis:show',
'groups:wikis:edit',
'groups:wikis:create',
// Project wiki
'projects:wikis:show',
'projects:wikis:edit',
'projects:wikis:create',
// Project files
'projects:show',
'projects:blob:show',
];
export function initMermaid(mermaid) {
let theme = 'neutral';
......@@ -120,8 +138,10 @@ function renderMermaidEl(el) {
function renderMermaids($els) {
if (!$els.length) return;
const pageName = document.querySelector('body').dataset.page;
// A diagram may have been truncated in search results which will cause errors, so abort the render.
if (document.querySelector('body').dataset.page === 'search:show') return;
if (pageName === 'search:show') return;
importMermaidModule()
.then(() => {
......@@ -140,10 +160,11 @@ function renderMermaids($els) {
* up the entire thread and causing a DoS.
*/
if (
(source && source.length > MAX_CHAR_LIMIT) ||
renderedChars > MAX_CHAR_LIMIT ||
renderedMermaidBlocks >= MAX_MERMAID_BLOCK_LIMIT ||
shouldLazyLoadMermaidBlock(source)
!WHITELISTED_PAGES.includes(pageName) &&
((source && source.length > MAX_CHAR_LIMIT) ||
renderedChars > MAX_CHAR_LIMIT ||
renderedMermaidBlocks >= MAX_MERMAID_BLOCK_LIMIT ||
shouldLazyLoadMermaidBlock(source))
) {
const html = `
<div class="alert gl-alert gl-alert-warning alert-dismissible lazy-render-mermaid-container js-lazy-render-mermaid-container fade show" role="alert">
......
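Review bot: The new `!WHITELISTED_PAGES.includes(pageName) &&` guard in the third hunk switches off all four checks at once on the wiki, `projects:show` and `projects:blob:show` pages, including the per-block `source.length > MAX_CHAR_LIMIT` test that the comment just above ties to a diagram hogging the thread and causing a DoS. Content on those pages is written by anyone who can edit the wiki or push to the repository, and on a public project it is presumably rendered for every visitor, so a single oversized diagram would now render eagerly there. Consider keeping the per-block cap outside the allowlist guard, `(source && source.length > MAX_CHAR_LIMIT) || (!WHITELISTED_PAGES.includes(pageName) && (...))`, so that only the cumulative and block-count limits are relaxed, and extend the comment above `WHITELISTED_PAGES` to say why these pages are exempt. The body of `renderMermaids` continues outside the hunk.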
......@@ -247,6 +247,36 @@ RSpec.describe 'Mermaid rendering', :js do
expect(page).to have_selector('.js-lazy-render-mermaid-container')
end
end
it 'renders without any limits on wiki page', :js do
graph_edges = "A-->B;B-->A;"
description = <<~MERMAID
```mermaid
graph LR
#{graph_edges}
```
MERMAID
description *= 51
project = create(:project, :public)
wiki_page = build(:wiki_page, { container: project, content: description })
wiki_page.create message: 'mermaid test commit' # rubocop:disable Rails/SaveBang
wiki_page = project.wiki.find_page(wiki_page.slug)
visit project_wiki_path(project, wiki_page)
wait_for_requests
wait_for_mermaid
page.within('.js-wiki-page-content') do
expect(page).not_to have_selector('.lazy-alert-shown')
expect(page).not_to have_selector('.js-lazy-render-mermaid-container')
end
end
end
def wait_for_mermaid
......
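Review bot: Both expectations in the new wiki example are negative (`not_to have_selector`), so the example would also pass if the 51 diagrams never rendered at all, unless `wait_for_mermaid` (whose body is outside this hunk) already guarantees rendered output. A positive check such as `expect(page).to have_selector('<rendered-diagram selector>', count: 51)` would pin the intended behaviour. A short comment on `description *= 51` naming the limit the count is meant to exceed would help the next reader. Only the project wiki show page is exercised, so the other allowlisted pages have no coverage here.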