Commit 5304da4e authored by Rajat Jain's avatar Rajat Jain Committed by Yorick Peterse

Only render fixed number of mermaid blocks

parent 9573973c
......@@ -36,6 +36,8 @@ export default function renderMermaid($els) {
securityLevel: 'strict',
});
let renderedChars = 0;
$els.each((i, el) => {
// Mermaid doesn't like `<br />` tags, so collapse all like tags into `<br>`, which is parsed correctly.
const source = el.textContent.replace(/<br\s*\/>/g, '<br>');
......@@ -45,7 +47,7 @@ export default function renderMermaid($els) {
* prevent mermaidjs from hanging up the entire thread and
* causing a DoS.
*/
if (source && source.length > MAX_CHAR_LIMIT) {
if ((source && source.length > MAX_CHAR_LIMIT) || renderedChars > MAX_CHAR_LIMIT) {
el.textContent = sprintf(
__(
'Cannot render the image. Maximum character count (%{charLimit}) has been exceeded.',
......@@ -55,6 +57,7 @@ export default function renderMermaid($els) {
return;
}
renderedChars += source.length;
// Remove any extra spans added by the backend syntax highlighting.
Object.assign(el, { textContent: source });
......
---
title: Only render fixed number of mermaid blocks
merge_request:
author:
type: security
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment