Flowchart securityLevel: "antiscript" disables click callback functionality #5944

Open
jonmattgray opened this issue Oct 8, 2024 · 0 comments
Labels
Status: Triage Needs to be verified, categorized, etc Type: Bug / Error Something isn't working or is incorrect

jonmattgray commented Oct 8, 2024

Description

Following the flowchart documentation, I've created a clickable element that triggers a JavaScript callback function. This callback works when securityLevel: "loose" but fails to trigger when securityLevel: "antiscript". I've linked a JSFiddle where you can swap between securityLevel settings to see. Is this intended behaviour?

I was hoping antiscript would remove any potentially malicious <script> from the markdown but retain the functionality of click A callback.

Steps to reproduce

https://jsfiddle.net/Lb6q8uyz/2

Screenshots

No response

Code Sample

<pre class="mermaid">
    flowchart LR
        A
        click A callback
</pre>

var callback = function () {
  alert('Callback triggered');
};
const config = {
  startOnLoad: true,
  securityLevel: 'antiscript',
};
mermaid.initialize(config);

Setup

  • Mermaid version: 11.3.0
  • Browser and Version: Firefox 131.0

Suggested Solutions

No response

Additional Context

No response

@jonmattgray jonmattgray added Status: Triage Needs to be verified, categorized, etc Type: Bug / Error Something isn't working or is incorrect labels Oct 8, 2024
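
One way to keep click behaviour under a restrictive securityLevel without relying on Mermaid's own callback binding is to read the `click` lines yourself and attach listeners from page code, resolving handler names only against an allowlist. This is an added example, not part of the original issue and not Mermaid's code; the function names `parseClickDirectives`, `resolveBindings` and `attachClickHandlers`, the restricted node-id character set, and the `flowchart-<nodeId>-<counter>` element-id pattern are assumptions.

```javascript
// Added example (not Mermaid code): allowlisted click binding for flowcharts.
// Handler names come from diagram text, so they are looked up only in an
// explicit Map, never on window/globalThis.
const CLICK_RE =
  /^\s*click\s+([A-Za-z0-9_]+)\s+(?:call\s+)?([A-Za-z_$][\w$]*)\s*(?:\(\s*\))?(?:\s+"[^"]*")?\s*$/;

// Collect { nodeId, handler } from `click <node> <fn>` and
// `click <node> call <fn>()` lines, with an optional quoted tooltip.
// `click <node> href "..."` links are skipped.
function parseClickDirectives(diagramText) {
  const found = [];
  for (const line of diagramText.split(/\r?\n/)) {
    const m = CLICK_RE.exec(line);
    if (m && m[2] !== 'href' && m[2] !== 'call') {
      found.push({ nodeId: m[1], handler: m[2] });
    }
  }
  return found;
}

// Split directives into allowlisted bindings and rejected names.
function resolveBindings(diagramText, allowlist) {
  const bound = [];
  const rejected = [];
  for (const d of parseClickDirectives(diagramText)) {
    const fn = allowlist.get(d.handler);
    if (typeof fn === 'function') bound.push({ nodeId: d.nodeId, fn });
    else rejected.push(d);
  }
  return { bound, rejected };
}

// Attach listeners once the SVG is in `root`. Assumption: each node element
// has an id of the form "flowchart-<nodeId>-<counter>".
function attachClickHandlers(root, bindings) {
  let attached = 0;
  for (const { nodeId, fn } of bindings) {
    const idRe = new RegExp(`^flowchart-${nodeId}-\\d+$`);
    const el = [...root.querySelectorAll('[id^="flowchart-"]')].find((e) => idRe.test(e.id));
    if (!el) continue;
    el.style.cursor = 'pointer';
    el.addEventListener('click', () => fn(nodeId));
    attached += 1;
  }
  return attached;
}
```

Call `attachClickHandlers` only after the diagram has rendered, for example once `mermaid.run()` has resolved, passing the container element and the `bound` list; names in `rejected` are worth logging because they show diagram text asking for handlers the page never exposed.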