Mermaid diagrams are sent to internet

oxygenxml / dita-ot-diagrams-plugin

Dynamically convert PlantUML content inside DITA topics to SVG

Apache License 2.0

9 stars 3 forks source link

Mermaid diagrams are sent to internet #8

Open hcw70 opened 1 year ago

hcw70 commented 1 year ago

Just stumbled upon this in the source. Mermaid diagrams are not rendered directly but are base64 encoded and sent to the mermaid server.

This has 2 problems:

Maybe private diagram data is sent out to a remote entity for rendering.
Rendering will only work if connected to the internet.

This should either be disabled / reworked for local rendering, or stated clearly in the docs.

raducoravu commented 1 year ago

@hcw70 thanks for the feedback, I added a small "Security" section to the plugin's "Readme" explaining this: https://github.com/oxygenxml/dita-ot-diagrams-plugin Other than sending the diagram to the Mermaid web service I'm not sure how the rendering could be made to work locally.

hcw70 commented 1 year ago

Rendering may be done locally due to npm installing the package i thing. Maybe the url for the server needs to be adjustable in your plugin, so any user can setup its own server.

raducoravu commented 1 year ago

@hcw70 interesting, indeed you can define parameters in the plugin.xml and then pass values to them when publishing. Then I will leave this issue opened if someone wants to contribute a pull request.