Diffstat (limited to 'app/assets/javascripts')
-rw-r--r--app/assets/javascripts/behaviors/markdown/render_mermaid.js2
-rw-r--r--app/assets/javascripts/blob/openapi/index.js6
2 files changed, 7 insertions, 1 deletions
diff --git a/app/assets/javascripts/behaviors/markdown/render_mermaid.js b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
index 3f878949f9b..d78c456ed5b 100644
--- a/app/assets/javascripts/behaviors/markdown/render_mermaid.js
+++ b/app/assets/javascripts/behaviors/markdown/render_mermaid.js
@@ -75,7 +75,7 @@ export function initMermaid(mermaid) {
function importMermaidModule() {
return import(/* webpackChunkName: 'mermaid' */ 'mermaid')
- .then((mermaid) => {
+ .then(({ default: mermaid }) => {
mermaidModule = initMermaid(mermaid);
})
.catch((err) => {
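Review bot: The new `({ default: mermaid })` destructuring on the `.then` line deserves a short comment, because the removed form handed the whole resolved value to `initMermaid` and a reader of the new line cannot see why the `default` key is picked; e.g. `// import() resolves to the module namespace object; mermaid's API lives on its default export`. Without it the next maintainer may "simplify" it back to the broken form. importMermaidModule's body continues past the hunk into the `.catch` handler.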
diff --git a/app/assets/javascripts/blob/openapi/index.js b/app/assets/javascripts/blob/openapi/index.js
index cb251274b18..b19cc19cb8c 100644
--- a/app/assets/javascripts/blob/openapi/index.js
+++ b/app/assets/javascripts/blob/openapi/index.js
@@ -1,5 +1,6 @@
import { SwaggerUIBundle } from 'swagger-ui-dist';
import createFlash from '~/flash';
+import { removeParams, updateHistory } from '~/lib/utils/url_utility';
import { __ } from '~/locale';
export default () => {
@@ -7,9 +8,14 @@ export default () => {
Promise.all([import(/* webpackChunkName: 'openapi' */ 'swagger-ui-dist/swagger-ui.css')])
.then(() => {
+ // Temporary fix to prevent an XSS attack due to "useUnsafeMarkdown"
+ // Once we upgrade Swagger to "4.0.0", we can safely remove this as it will be deprecated
+ // Follow-up issue: https://gitlab.com/gitlab-org/gitlab/-/issues/339696
+ updateHistory({ url: removeParams(['useUnsafeMarkdown']), replace: true });
SwaggerUIBundle({
url: el.dataset.endpoint,
dom_id: '#js-openapi-viewer',
+ useUnsafeMarkdown: false,
});
})
.catch((error) => {
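Review bot: The scrub on the `updateHistory({ url: removeParams(['useUnsafeMarkdown']), replace: true })` line removes a single named query parameter, so the mitigation depends on that being the only config key the bundled Swagger UI reads from the query string; if the swagger-ui-dist version in use supports it, adding `queryConfigEnabled: false,` beside `useUnsafeMarkdown: false,` in the `SwaggerUIBundle` options closes the URL-config channel as a whole rather than one key at a time. The explicit `useUnsafeMarkdown: false` is still worth keeping so the safe setting is visible in code rather than relying on the library default. The added comment's "it will be deprecated" is vaguer than what the fix relies on; it would read better as stating when the parameter stops being honoured, e.g. `// Remove once swagger-ui-dist >= 4.0.0 no longer honours this option`. The enclosing arrow function starts before this hunk and its `.catch` handler runs past it, so the ordering guarantee (scrub before `SwaggerUIBundle` reads the location) should be checked against the full function.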