Fix potential self XSS in request url.

Samuel Reed
2014-08-24 08:38:11 -04:00
parent ec81d25cb0
commit 5da60bfa62
3 changed files with 10 additions and 6 deletions


@@ -186,8 +186,9 @@ class OperationView extends Backbone.View
else
@model.urlify(map, true)
$(".request_url", $(@el)).html "<pre>" + @invocationUrl + "</pre>"
$(".request_url", $(@el)).html("<pre></pre>")
$(".request_url pre", $(@el)).text(@invocationUrl);
obj =
type: @model.method
url: @invocationUrl
@@ -356,7 +357,8 @@ class OperationView extends Backbone.View
pre = $('<pre class="json" />').append(code)
response_body = pre
$(".request_url", $(@el)).html "<pre>" + url + "</pre>"
$(".request_url", $(@el)).html("<pre></pre>")
$(".request_url pre", $(@el)).text(url);
$(".response_code", $(@el)).html "<pre>" + response.status + "</pre>"
$(".response_body", $(@el)).html response_body
$(".response_headers", $(@el)).html "<pre>" + _.escape(JSON.stringify(response.headers, null, " ")).replace(/\n/g, "<br>") + "</pre>"
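Review bot: In the second hunk the line directly after the fixed one still builds markup by concatenation, `$(".response_code", $(@el)).html "<pre>" + response.status + "</pre>"`; the status is presumably numeric, but writing it as `$(".response_code", $(@el)).empty().append($("<pre/>").text(response.status))` would put every response field on the same text-node path as the URL. `response_body` is also handed to `.html`, and `code` is built outside this hunk, so whether the body is escaped before it is appended cannot be confirmed from here and is worth checking. As a style point, both hunks set `.html("<pre></pre>")` and then re-query `.request_url pre`; a single `$(".request_url", $(@el)).empty().append($("<pre/>").text(url))` avoids the second lookup and the trailing semicolon, which the rest of the file does not use.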