From 5a452580b38e3de81fad5cc91e01f54dac79d262 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Thu, 22 Jul 2021 20:54:36 +0100
Subject: [PATCH 1/4] Make Mermaid.js limit configurable

Add `MERMAID_MAX_SOURCE_CHARACTERS` to `[markup]` settings
to make the maximum size of a mermaid render configurable.

Fix #16513

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 custom/conf/app.example.ini                           | 9 +++++++++
 docs/content/doc/advanced/config-cheat-sheet.en-us.md | 2 ++
 modules/setting/markup.go                             | 6 ++++--
 modules/templates/helper.go                           | 1 +
 templates/base/head.tmpl                              | 1 +
 web_src/js/markup/mermaid.js                          | 6 +++---
 6 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 576414d19357..8fe461d09f1b 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1985,6 +1985,15 @@ PATH =
 ;; Show template execution time in the footer
 ;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
 
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[markup]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Set the maximum number of characters in a mermaid source. (Set to -1 to disable limits.)
+;MERMAID_MAX_SOURCE_CHARACTERS = 5000
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[markup.sanitizer.1]
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index 0d3349f2dce7..c1ed2befcc69 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -882,6 +882,8 @@ NB: You must have `DISABLE_ROUTER_LOG` set to `false` for this option to take ef
 
 ## Markup (`markup`)
 
+- `MERMAID_MAX_SOURCE_CHARACTERS`: **5000**: Set the maximum size of a Mermaid source. (Set to -1 to disable.)
+
 Gitea can support Markup using external tools. The example below will add a markup named `asciidoc`.
 
 ```ini
diff --git a/modules/setting/markup.go b/modules/setting/markup.go
index 31ec1dd2eb6e..0bf679771215 100644
--- a/modules/setting/markup.go
+++ b/modules/setting/markup.go
@@ -15,8 +15,9 @@ import (
 
 // ExternalMarkupRenderers represents the external markup renderers
 var (
-	ExternalMarkupRenderers []*MarkupRenderer
-	ExternalSanitizerRules  []MarkupSanitizerRule
+	ExternalMarkupRenderers    []*MarkupRenderer
+	ExternalSanitizerRules     []MarkupSanitizerRule
+	MermaidMaxSourceCharacters int
 )
 
 // MarkupRenderer defines the external parser configured in ini
@@ -40,6 +41,7 @@ type MarkupSanitizerRule struct {
 }
 
 func newMarkup() {
+	MermaidMaxSourceCharacters = Cfg.Section("markup").Key("MERMAID_MAX_SOURCE_CHARACTERS").MustInt(5000)
 	ExternalMarkupRenderers = make([]*MarkupRenderer, 0, 10)
 	ExternalSanitizerRules = make([]MarkupSanitizerRule, 0, 10)
 
diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index f9b2dafd22a1..6b6ed9fd00e3 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -390,6 +390,7 @@ func NewFuncMap() []template.FuncMap {
 			html += "</span>"
 			return template.HTML(html)
 		},
+		"MermaidMaxSourceCharacters": setting.MermaidMaxSourceCharacters,
 	}}
 }
 
diff --git a/templates/base/head.tmpl b/templates/base/head.tmpl
index 5091eda1e996..328661eb9dec 100644
--- a/templates/base/head.tmpl
+++ b/templates/base/head.tmpl
@@ -60,6 +60,7 @@
 				{{ end }}
 			]).values()),
 			{{end}}
+			MermaidMaxSourceCharacters: {{MermaidMaxSourceCharacters}},
 		};
 	</script>
 	<link rel="icon" href="{{AssetUrlPrefix}}/img/logo.svg" type="image/svg+xml">
diff --git a/web_src/js/markup/mermaid.js b/web_src/js/markup/mermaid.js
index d0aefd1aff97..a5bd0e235cf4 100644
--- a/web_src/js/markup/mermaid.js
+++ b/web_src/js/markup/mermaid.js
@@ -1,4 +1,4 @@
-const MAX_SOURCE_CHARACTERS = 5000;
+const {MermaidMaxSourceCharacters} = window.config;
 
 function displayError(el, err) {
   el.closest('pre').classList.remove('is-loading');
@@ -26,8 +26,8 @@ export async function renderMermaid(els) {
   });
 
   for (const el of els) {
-    if (el.textContent.length > MAX_SOURCE_CHARACTERS) {
-      displayError(el, new Error(`Mermaid source of ${el.textContent.length} characters exceeds the maximum allowed length of ${MAX_SOURCE_CHARACTERS}.`));
+    if (MermaidMaxSourceCharacters >= 0 && el.textContent.length > MermaidMaxSourceCharacters) {
+      displayError(el, new Error(`Mermaid source of ${el.textContent.length} characters exceeds the maximum allowed length of ${MermaidMaxSourceCharacters}.`));
       continue;
     }
 

From 01dd8a2d8d74f67cdc83583f65324cc690bf5e08 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Thu, 22 Jul 2021 22:33:30 +0100
Subject: [PATCH 2/4] fixup! Make Mermaid.js limit configurable

---
 modules/templates/helper.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index 6b6ed9fd00e3..d4913f7c4177 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -390,7 +390,9 @@ func NewFuncMap() []template.FuncMap {
 			html += "</span>"
 			return template.HTML(html)
 		},
-		"MermaidMaxSourceCharacters": setting.MermaidMaxSourceCharacters,
+		"MermaidMaxSourceCharacters": func() int {
+			return setting.MermaidMaxSourceCharacters
+		},
 	}}
 }
 

From 068730526caeeb10bfd1cb7a9d8b3565a57bd6a2 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Fri, 23 Jul 2021 10:00:59 +0100
Subject: [PATCH 3/4] Update custom/conf/app.example.ini

Co-authored-by: silverwind <me@silverwind.io>
---
 custom/conf/app.example.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 8fe461d09f1b..6ea31586a74d 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1991,7 +1991,7 @@ PATH =
 ;[markup]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Set the maximum number of characters in a mermaid source. (Set to -1 to disable limits.)
+;; Set the maximum number of characters in a mermaid source. (Set to -1 to disable limits)
 ;MERMAID_MAX_SOURCE_CHARACTERS = 5000
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

From 2a659108d67c9d56132a5fc04c91bb322fefaac1 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Fri, 23 Jul 2021 11:04:41 +0100
Subject: [PATCH 4/4] Update
 docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: silverwind <me@silverwind.io>
---
 docs/content/doc/advanced/config-cheat-sheet.en-us.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index c1ed2befcc69..9e69d6843d3b 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -882,7 +882,7 @@ NB: You must have `DISABLE_ROUTER_LOG` set to `false` for this option to take ef
 
 ## Markup (`markup`)
 
-- `MERMAID_MAX_SOURCE_CHARACTERS`: **5000**: Set the maximum size of a Mermaid source. (Set to -1 to disable.)
+- `MERMAID_MAX_SOURCE_CHARACTERS`: **5000**: Set the maximum size of a Mermaid source. (Set to -1 to disable)
 
 Gitea can support Markup using external tools. The example below will add a markup named `asciidoc`.