gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-03 21:19:01 +01:00
Code Issues Actions 20 Packages Projects Releases Wiki Activity

fix(mermaid): bypass security issue when generating PNG

Browse Source
This commit is contained in:
Elian Doran 2025-03-31 21:18:40 +03:00
parent 3d0ec27038
commit 6976c9555e
No known key found for this signature in database
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/public/app/services/utils.ts
View File

@ -665,14 +665,12 @@ function downloadSvgAsPng(nameWithoutExtension: string, svgContent: string) {
// Convert the image to a blob.
const { width, height } = result;
const svgBlob = new Blob([ svgContent ], {
type: SVG_MIME
})
// Create an image element and load the SVG.
const imageEl = new Image();
imageEl.width = width;
imageEl.height = height;
imageEl.crossOrigin = "anonymous";
imageEl.onload = () => {
try {
// Draw the image with a canvas.
@ -687,7 +685,6 @@ function downloadSvgAsPng(nameWithoutExtension: string, svgContent: string) {
}
ctx?.drawImage(imageEl, 0, 0);
URL.revokeObjectURL(imageEl.src);
const imgUri = canvasEl.toDataURL("image/png")
triggerDownload(`${nameWithoutExtension}.png`, imgUri);
@ -698,7 +695,8 @@ function downloadSvgAsPng(nameWithoutExtension: string, svgContent: string) {
reject();
}
};
imageEl.src = URL.createObjectURL(svgBlob);
imageEl.onerror = (e) => reject(e);
imageEl.src = `data:image/svg+xml;charset=utf-8,${encodeURIComponent(svgContent)}`;
});
}