web/admin: add strict dompurify config for diagram (#11783)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-10-23 19:42:54 +02:00
parent 40c7fefd96
commit da73d4f784
2 changed files with 7 additions and 0 deletions
--- a/web/src/elements/Diagram.ts
+++ b/web/src/elements/Diagram.ts
@ -1,4 +1,5 @@
 import { EVENT_REFRESH, EVENT_THEME_CHANGE } from "@goauthentik/common/constants";
+import { DOM_PURIFY_STRICT } from "@goauthentik/common/purify";
 import { AKElement } from "@goauthentik/elements/Base";
 import "@goauthentik/elements/EmptyState";
 import mermaid, { MermaidConfig } from "mermaid";
@ -47,6 +48,8 @@ export class Diagram extends AKElement {
                curve: "linear",
            },
            htmlLabels: false,
+            securityLevel: "strict",
+            dompurifyConfig: DOM_PURIFY_STRICT,
        };
        mermaid.initialize(this.config);
    }