Nurfog/openccb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: update dependencies and improve MermaidBlock security

Browse Source 
- Updated mermaid from version 11.13.0 to 9.1.7 for compatibility.
- Upgraded next from version 14.2.21 to ^14.2.35 for the latest features and fixes.
- Added @types/dompurify and isomorphic-dompurify for improved sanitization.
- Replaced innerHTML assignment in MermaidBlock with sanitized SVG using DOMPurify.
- Updated eslint-config-next to ^16.2.4 for better linting support.
This commit is contained in:
Juan Enrique Allende Cifuentes
2026-04-28 15:15:16 -04:00
parent 567fa66428
commit 2c8bfaa20e
39 changed files with 3701 additions and 2866 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/studio/src/components/blocks/MermaidBlock.tsx
+3 -1
View File
@@ -4,6 +4,7 @@ import { useState, useEffect, useRef } from "react";
import { Wand2, Loader2, Code2, Play } from "lucide-react";
import { cmsApi } from "@/lib/api";
import mermaid from "mermaid";
import DOMPurify from "isomorphic-dompurify";
interface MermaidBlockProps {
id: string;
@@ -48,7 +49,8 @@ export default function MermaidBlock({
mermaidRef.current.innerHTML = "";
const { svg } = await mermaid.render(`mermaid-${id}`, mermaid_code);
if (mermaidRef.current) {
mermaidRef.current.innerHTML = svg;
// Sanitizar SVG antes de inyectar
mermaidRef.current.innerHTML = DOMPurify.sanitize(svg);
}
} catch (error: any) {
console.error("Mermaid parsing error:", error);