Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-07-27 18:12:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(mermaid): bypass security issue when generating PNG

Browse Source
This commit is contained in:
Elian Doran 2025-03-31 21:18:40 +03:00
parent 3d0ec27038
commit 6976c9555e
No known key found for this signature in database
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/public/app/services/utils.ts
View File

@ -665,14 +665,12 @@ function downloadSvgAsPng(nameWithoutExtension: string, svgContent: string) {
// Convert the image to a blob. // Convert the image to a blob.
const { width, height } = result; const { width, height } = result;
const svgBlob = new Blob([ svgContent ], {
type: SVG_MIME
})
// Create an image element and load the SVG. // Create an image element and load the SVG.
const imageEl = new Image(); const imageEl = new Image();
imageEl.width = width; imageEl.width = width;
imageEl.height = height; imageEl.height = height;
imageEl.crossOrigin = "anonymous";
imageEl.onload = () => { imageEl.onload = () => {
try { try {
// Draw the image with a canvas. // Draw the image with a canvas.
@ -687,7 +685,6 @@ function downloadSvgAsPng(nameWithoutExtension: string, svgContent: string) {
} }
ctx?.drawImage(imageEl, 0, 0); ctx?.drawImage(imageEl, 0, 0);
URL.revokeObjectURL(imageEl.src);
const imgUri = canvasEl.toDataURL("image/png") const imgUri = canvasEl.toDataURL("image/png")
triggerDownload(`${nameWithoutExtension}.png`, imgUri); triggerDownload(`${nameWithoutExtension}.png`, imgUri);
@ -698,7 +695,8 @@ function downloadSvgAsPng(nameWithoutExtension: string, svgContent: string) {
reject(); reject();
} }
}; };
imageEl.src = URL.createObjectURL(svgBlob); imageEl.onerror = (e) => reject(e);
imageEl.src = `data:image/svg+xml;charset=utf-8,${encodeURIComponent(svgContent)}`;
}); });
} }