DOMPurify.addHook function not available in Mermaid when parsing text #6531
Comments
|
We currently don't support Node as a runtime, so our team won't be able to prioritize a fix. |
|
✅ Fix provided: DOMPurify I’ve resolved the issue with Key changes:
const { window } = new JSDOM("");
const DOMPurify = createDOMPurify(window);
(global as any).window = window;
(global as any).DOMPurify = DOMPurify;This allows Let me know if you'd like me to open a PR with this fix! 🙌 |
Fixed for Now.. |
Description
I encountered an issue while using the Mermaid library (both version 10.x.x and the latest version) in a Node.js environment. When I attempt to parse Mermaid diagrams using mermaid.parse(), I encounter the following error:
vbnet
Copy
Edit
Error: DOMPurify.addHook is not a function
This error seems to be related to the way DOMPurify is being used or initialized within Mermaid.
Steps to reproduce
Install mermaid (v10.x.x or the latest version) in your project.
bash
Copy
Edit
npm install mermaid
Set up a basic Node.js application and try using the mermaid.parse() function to parse a Mermaid diagram.
Ensure that securityLevel is set to 'strict' or that sanitization is enabled, which internally uses DOMPurify.
Run the application with a diagram text passed to the API endpoint.
The error DOMPurify.addHook is not a function occurs during the parsing of the diagram.
Screenshots
Code Sample
Setup
Setup:
Ensure Node.js is installed (version 18.x.x or higher).
Create a new Node.js project or use an existing one.
Install express and mermaid as dependencies:
bash
Copy
Edit
npm install express mermaid
Create the server file (server.js) and paste the above code.
Start the server by running:
bash
Copy
Edit
node server.js
Make a POST request to http://localhost:4000/api/validate-mermaid with a Mermaid diagram text in the body.
Suggested Solutions
Suggested Solutions:
Update Mermaid: Ensure that you are using the latest version of mermaid that supports the most recent changes to DOMPurify. If the issue is related to the integration of DOMPurify in Mermaid, updating to the latest version may resolve the issue.
Use securityLevel: 'none': As a temporary workaround, you can set securityLevel to 'none' to bypass sanitization, but this is not recommended for production environments as it may expose the application to security risks:
javascript
Copy
Edit
mermaid.initialize({
securityLevel: 'none', // No sanitization
theme: 'default',
startOnLoad: false,
});
Manual DOMPurify Configuration: If you need sanitization enabled, try manually configuring DOMPurify and passing it to mermaid instead of relying on the built-in sanitization:
javascript
Copy
Edit
const DOMPurify = require('dompurify');
const mermaid = require('mermaid');
mermaid.initialize({
sanitize: true,
purify: DOMPurify, // Explicitly pass DOMPurify
});
Additional Context
Additional Context:
Versions: This issue occurs in both version 10.x.x and the latest version of mermaid.
Error Message: The error DOMPurify.addHook is not a function is thrown during the parsing of Mermaid diagrams.
Environment:
Mermaid Version: v10.x.x and latest
Node.js Version: 18.x.x
DOMPurify Version: Latest (if installed manually)
Operating System: macOS (or specify your OS)
Error Handling: The error prevents Mermaid from successfully parsing the diagram unless sanitization is disabled, which is not a suitable long-term solution due to security concerns.
Request:
Could you provide guidance or a fix to prevent this error while maintaining sanitization enabled?
Is this a known issue with the integration of DOMPurify in Mermaid?
Are there any specific steps for correctly configuring DOMPurify within Mermaid to avoid this error?
The text was updated successfully, but these errors were encountered: