kyy/swagger-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix issue #1866, XSS in content types from schema.

Browse Source
This commit is contained in:
joev
2016-01-12 23:08:45 -06:00
parent 3abf8d2c0d
commit 50c713a261
5 changed files with 25 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
dist/swagger-ui.js vendored
View File

@@ -21,12 +21,12 @@ this["Handlebars"]["templates"]["content_type"] = Handlebars.template({"1":funct
if (stack1 != null) { buffer += stack1; } if (stack1 != null) { buffer += stack1; }
return buffer; return buffer;
},"2":function(depth0,helpers,partials,data) { },"2":function(depth0,helpers,partials,data) {
var stack1, lambda=this.lambda, escapeExpression=this.escapeExpression, buffer = " <option value=\"" var lambda=this.lambda, escapeExpression=this.escapeExpression;
return " <option value=\""
+ escapeExpression(lambda(depth0, depth0)) + escapeExpression(lambda(depth0, depth0))
+ "\">"; + "\">"
stack1 = lambda(depth0, depth0); + escapeExpression(lambda(depth0, depth0))
if (stack1 != null) { buffer += stack1; } + "</option>\n";
return buffer + "</option>\n";
},"4":function(depth0,helpers,partials,data) { },"4":function(depth0,helpers,partials,data) {
return " <option value=\"application/json\">application/json</option>\n"; return " <option value=\"application/json\">application/json</option>\n";
},"compiler":[6,">= 2.0.0-beta.1"],"main":function(depth0,helpers,partials,data) { },"compiler":[6,">= 2.0.0-beta.1"],"main":function(depth0,helpers,partials,data) {
@@ -801,12 +801,12 @@ this["Handlebars"]["templates"]["parameter_content_type"] = Handlebars.template(
if (stack1 != null) { buffer += stack1; } if (stack1 != null) { buffer += stack1; }
return buffer; return buffer;
},"2":function(depth0,helpers,partials,data) { },"2":function(depth0,helpers,partials,data) {
var stack1, lambda=this.lambda, escapeExpression=this.escapeExpression, buffer = " <option value=\"" var lambda=this.lambda, escapeExpression=this.escapeExpression;
return " <option value=\""
+ escapeExpression(lambda(depth0, depth0)) + escapeExpression(lambda(depth0, depth0))
+ "\">"; + "\">"
stack1 = lambda(depth0, depth0); + escapeExpression(lambda(depth0, depth0))
if (stack1 != null) { buffer += stack1; } + "</option>\n";
return buffer + "</option>\n";
},"4":function(depth0,helpers,partials,data) { },"4":function(depth0,helpers,partials,data) {
return " <option value=\"application/json\">application/json</option>\n"; return " <option value=\"application/json\">application/json</option>\n";
},"compiler":[6,">= 2.0.0-beta.1"],"main":function(depth0,helpers,partials,data) { },"compiler":[6,">= 2.0.0-beta.1"],"main":function(depth0,helpers,partials,data) {
@@ -862,12 +862,12 @@ this["Handlebars"]["templates"]["response_content_type"] = Handlebars.template({
if (stack1 != null) { buffer += stack1; } if (stack1 != null) { buffer += stack1; }
return buffer; return buffer;
},"2":function(depth0,helpers,partials,data) { },"2":function(depth0,helpers,partials,data) {
var stack1, lambda=this.lambda, escapeExpression=this.escapeExpression, buffer = " <option value=\"" var lambda=this.lambda, escapeExpression=this.escapeExpression;
return " <option value=\""
+ escapeExpression(lambda(depth0, depth0)) + escapeExpression(lambda(depth0, depth0))
+ "\">"; + "\">"
stack1 = lambda(depth0, depth0); + escapeExpression(lambda(depth0, depth0))
if (stack1 != null) { buffer += stack1; } + "</option>\n";
return buffer + "</option>\n";
},"4":function(depth0,helpers,partials,data) { },"4":function(depth0,helpers,partials,data) {
return " <option value=\"application/json\">application/json</option>\n"; return " <option value=\"application/json\">application/json</option>\n";
},"compiler":[6,">= 2.0.0-beta.1"],"main":function(depth0,helpers,partials,data) { },"compiler":[6,">= 2.0.0-beta.1"],"main":function(depth0,helpers,partials,data) {

14
dist/swagger-ui.min.js vendored
View File

File diff suppressed because one or more lines are too long

2
src/main/template/content_type.handlebars
View File

@@ -2,7 +2,7 @@
<select name="contentType" id="{{contentTypeId}}"> <select name="contentType" id="{{contentTypeId}}">
{{#if produces}} {{#if produces}}
{{#each produces}} {{#each produces}}
<option value="{{this}}">{{{this}}}</option> <option value="{{this}}">{{this}}</option>
{{/each}} {{/each}}
{{else}} {{else}}
<option value="application/json">application/json</option> <option value="application/json">application/json</option>

2
src/main/template/parameter_content_type.handlebars
View File

@@ -2,7 +2,7 @@
<select name="parameterContentType" id="{{parameterContentTypeId}}"> <select name="parameterContentType" id="{{parameterContentTypeId}}">
{{#if consumes}} {{#if consumes}}
{{#each consumes}} {{#each consumes}}
<option value="{{this}}">{{{this}}}</option> <option value="{{this}}">{{this}}</option>
{{/each}} {{/each}}
{{else}} {{else}}
<option value="application/json">application/json</option> <option value="application/json">application/json</option>

2
src/main/template/response_content_type.handlebars
View File

@@ -2,7 +2,7 @@
<select name="responseContentType" id="{{responseContentTypeId}}"> <select name="responseContentType" id="{{responseContentTypeId}}">
{{#if produces}} {{#if produces}}
{{#each produces}} {{#each produces}}
<option value="{{this}}">{{{this}}}</option> <option value="{{this}}">{{this}}</option>
{{/each}} {{/each}}
{{else}} {{else}}
<option value="application/json">application/json</option> <option value="application/json">application/json</option>