fix: ban version v3.1.7 of DOMPurify #5914

Merged


aloisklink
Member

📑 Summary

DOMPurify v3.1.7 forbids the use of <foreignElement> for HTML inside of an <svg> element, which breaks many mermaid diagrams.

It is likely that v3.1.8 will add a new option that will allow us to re-enable this behaviour, but v3.1.7 definitely does not work, so we should remove support for it from our dependencies.

See: cure53/DOMPurify#1002

Resolves #5904

Big thanks to @slorber for their awesome work in communicating with the DOMPurify maintainers (and of course their work on https://docusaurus.io/ 🦖!)

📏 Design Decisions

N/A

📋 Tasks

Make sure you

  • 📖 have read the contribution guidelines
  • 💻 have added necessary unit/e2e tests.
    • N/A
  • 📓 have added documentation. Make sure MERMAID_RELEASE_VERSION is used for all new features.
    • N/A
  • 🦋 If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. Changesets that add features should be minor and those that fix bugs should be patch. Please prefix changeset messages with feat:, fix:, or chore:.

[DOMPurify v3.1.7][1] forbids the use of `<foreignElement>` for HTML
inside of an `<svg>` element, which breaks many mermaid diagrams.

It is likely that v3.1.8 will add a new option that will allow us to
re-enable this behaviour, but v3.1.7 definitely does not work.

[1]: https://github.com/cure53/DOMPurify/releases/tag/3.1.7

See: cure53/DOMPurify#1002
Fix: mermaid-js#5904
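
A way to verify the ban described in this PR, as an added example that is not part of the PR or of mermaid's code: it scans pnpm lockfile text for a resolved `dompurify@3.1.7`, since a range in `package.json` only helps if the lockfile actually resolves elsewhere. The lockfile excerpt is constructed, and `findBannedVersions` and the assumed key layout are illustrative.

```javascript
// Added example: find banned package versions in pnpm-lock.yaml text.
// SAMPLE_LOCK is constructed; integrity values are placeholders.
const BANNED = new Map([['dompurify', ['3.1.7']]]); // version named in this PR

const SAMPLE_LOCK = `
lockfileVersion: '9.0'

packages:

  '@types/dompurify@3.0.5':
    resolution: {integrity: sha512-CONSTRUCTED}

  dompurify@3.1.6:
    resolution: {integrity: sha512-CONSTRUCTED}

  dompurify@3.1.7:
    resolution: {integrity: sha512-CONSTRUCTED}

snapshots:

  dompurify@3.1.7: {}
`;

// Assumed key layout: indented name@version: keys, optionally quoted, with an
// optional leading slash (older lockfiles) and an optional (peer@x.y.z) suffix.
const KEY_RE =
  /^\s+'?\/?((?:@[^@\/\s']+\/)?[^@\/\s']+)@(\d+\.\d+\.\d+[^\s'():]*)(?:\([^']*\))?'?:/;

function findBannedVersions(lockText, banned) {
  const hits = new Set(); // a version can appear under packages: and snapshots:
  for (const line of lockText.split(/\r?\n/)) {
    const m = KEY_RE.exec(line);
    if (!m) continue;
    const [, name, version] = m;
    // Exact match only: 3.1.6 and 3.1.7-beta.1 are different versions.
    if ((banned.get(name) || []).includes(version)) hits.add(`${name}@${version}`);
  }
  return [...hits].sort();
}

console.log(findBannedVersions(SAMPLE_LOCK, BANNED));
```

In CI, a non-empty result would fail the build before the banned release reaches a deploy.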

changeset-bot bot commented Oct 1, 2024

🦋 Changeset detected

Latest commit: de2c05c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
mermaid Patch

@github-actions github-actions bot added the Type: Bug / Error Something isn't working or is incorrect label Oct 1, 2024

netlify bot commented Oct 1, 2024

Deploy Preview for mermaid-js ready!

Name Link
🔨 Latest commit de2c05c
🔍 Latest deploy log https://app.netlify.com/sites/mermaid-js/deploys/66fc10bef34a3400086b0624
😎 Deploy Preview https://deploy-preview-5914--mermaid-js.netlify.app

pkg-pr-new bot commented Oct 1, 2024

pnpm add https://pkg.pr.new/mermaid-js/mermaid/@mermaid-js/layout-elk@5914
pnpm add https://pkg.pr.new/mermaid-js/mermaid/@mermaid-js/parser@5914
pnpm add https://pkg.pr.new/mermaid-js/mermaid/@mermaid-js/mermaid-zenuml@5914
pnpm add https://pkg.pr.new/mermaid-js/mermaid@5914

commit: de2c05c


codecov bot commented Oct 1, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 5.00%. Comparing base (b3dee34) to head (de2c05c).
Report is 2 commits behind head on develop.

@@           Coverage Diff           @@
##           develop   #5914   +/-   ##
=======================================
  Coverage     5.00%   5.00%           
=======================================
  Files          337     337           
  Lines        48209   48209           
  Branches       576     576           
=======================================
  Hits          2413    2413           
  Misses       45796   45796           
Flag Coverage Δ
unit 5.00% <ø> (ø)


argos-ci bot commented Oct 1, 2024

Build Status Details Updated (UTC)
default (Inspect) ⚠️ Changes detected (Review) 1 changed Oct 1, 2024, 3:23 PM

Successfully merging this pull request may close these issues.

Mermaid diagrams broken due to DOMPurify release v3.1.7 (empty <foreignObject)