Merge branch 'security-mermaid-xss' into 'master'

[master] Fix XSS in mermaid diagrams See merge request gitlab/gitlabhq!2597
author: Cindy Pallares <cindy@gitlab.com> 2018-11-28 18:39:27 +0000
committer: Cindy Pallares <cindy@gitlab.com> 2018-11-28 19:09:28 -0500
commit: c4bb0a116efb8d95dcf7edd92424795ea919660f (patch)
tree: f9ff00b504186b09cc92891319f3b69eb4255059 /app
parent: e3a5ce58bbd288063c705c57f2e7b3fcdf2b4a3b (diff)
download: gitlab-ce-c4bb0a116efb8d95dcf7edd92424795ea919660f.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/app/assets/javascripts/behaviors/markdown/render_mermaid.js b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
index 720f30e18e6..35380ca49fb 100644
--- a/app/assets/javascripts/behaviors/markdown/render_mermaid.js
+++ b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
@@ -26,6 +26,9 @@ export default function renderMermaid($els) {
         },
         // mermaidAPI options
         theme: 'neutral',
+        flowchart: {
+          htmlLabels: false,
+        },
       });
 
       $els.each((i, el) => {
author	Cindy Pallares <cindy@gitlab.com>	2018-11-28 18:39:27 +0000
committer	Cindy Pallares <cindy@gitlab.com>	2018-11-28 19:09:28 -0500
commit	c4bb0a116efb8d95dcf7edd92424795ea919660f (patch)
tree	f9ff00b504186b09cc92891319f3b69eb4255059 /app
parent	e3a5ce58bbd288063c705c57f2e7b3fcdf2b4a3b (diff)
download	gitlab-ce-c4bb0a116efb8d95dcf7edd92424795ea919660f.tar.gz