Merge branch 'bug/3163-markdown-xss' of github.com:shockey/swagger-ui into bug/3163-markdown-xss

README.md

@@ -41,7 +41,9 @@ Will start nginx with swagger-ui on port 80.
 
 If you just want to see your specs, open `dist/index.html` in your browser directly from your filesystem.
 
-If you'd like to make modifications to the codebase, run the dev server with: `npm run dev`.
+If you'd like to make modifications to the codebase, run the dev server with: `npm run dev`. A development server will open on `3200`.
+
+If you'd like to rebuild the `/dist` folder with your codebase changes, run `npm run build`.
 
 ##### Browser support
 Swagger UI works in the latest versions of Chrome, Safari, Firefox, Edge and IE11.
@@ -138,7 +140,7 @@ let preset = [
 #### Configs plugin
 Configs plugin allows to fetch external configs instead of passing them to `SwaggerUIBundle`. Fetched configs support two formats: JSON or yaml. The plugin is enabled by default. 
 There are three options of passing config:
-- add a query parameter `config` with URL to a server where the configs are hosted. For ex. http://petstore.swagger.io/?configs=http://localhost:3001/config.yaml
+- add a query parameter `config` with URL to a server where the configs are hosted. For ex. http://petstore.swagger.io/?config=http://localhost:3001/config.yaml
 - add a config `configUrl` with URL to SwaggerUIBundle
 - change default configs in `swagger-config.yaml` *Note: after changing, the project must be re-built*
 

dist/swagger-ui-bundle.js.map

@@ -1 +1 @@
-{"version":3,"file":"swagger-ui-bundle.js","sources":["webpack:///swagger-ui-bundle.js"],"mappings":"AAAA;AAu/FA;AA6+FA;;;;;;;;;;;;;;;;;;;;;;;;;;AAyTA;;;;;;AAoIA;AAi7FA;AAmtCA;AAi0IA;AA0oJA;AAgwFA;AAyrGA;AA0lFA;AA4nFA;AA+9CA;AAmhDA;AAmrCA;AAg1EA;;;;;AAwoCA;AAsyJA;;;;;;;;;;;;;;AA64EA;AA4mIA;AAquJA;AA2qHA;AA2mGA;AAiiEA;AAq4DA;AAg3DA;AAgRA;;;;;;AAs5FA;AAw3FA;;;;;AAkgDA;AAgsFA;AAw2CA;AA6kCA;AA68CA;AAsgFA;AAq2FA;;;;;;;;;AAkpDA;AA2zIA;AAk4DA;AA8mDA","sourceRoot":""}
+{"version":3,"file":"swagger-ui-bundle.js","sources":["webpack:///swagger-ui-bundle.js"],"mappings":"AAAA;AAu/FA;AA6+FA;;;;;;;;;;;;;;;;;;;;;;;;;;AAseA;AAkoJA;AAwiCA;AAo9GA;AAw5HA;AAkvGA;AAy7EA;AAoqDA;AAm/CA;AA6jDA;AAk/CA;;;;;AAw2CA;AAmwJA;;;;;;;;;;;;;;AA8sEA;AAyoIA;AAiuJA;AA8kHA;AAonGA;AAukEA;AA02DA;AA45EA;AAu/FA;;;;;;AA04FA;AAk7FA;;;;;AAy/CA;AA2qFA;AAw2CA;AA6kCA;AA68CA;AA+wEA;AA47FA;;;;;;;;;AA48BA;AA2zIA;AAk4DA;AA8mDA;;;;;;AA+9BA;AA8iHA;AAipGA","sourceRoot":""}

dist/swagger-ui-standalone-preset.js.map

@@ -1 +1 @@
-{"version":3,"file":"swagger-ui-standalone-preset.js","sources":["webpack:///swagger-ui-standalone-preset.js"],"mappings":"AAAA;;;;;AA8QA;AAmvGA;AAuxFA;;;;;;AAocA;AAkvFA;AAu+CA;AAo+CA;AAgrCA;AAuyEA","sourceRoot":""}
+{"version":3,"file":"swagger-ui-standalone-preset.js","sources":["webpack:///swagger-ui-standalone-preset.js"],"mappings":"AAAA;;;;;AA+PA;AAyiGA;AAwxFA;;;;;;AA0bA;AAkvFA;AAu+CA;AAo+CA;AAgrCA;AAgyEA","sourceRoot":""}

dist/swagger-ui.js.map

@@ -1 +1 @@
-{"version":3,"file":"swagger-ui.js","sources":["webpack:///swagger-ui.js"],"mappings":"AAAA;;;;;;AA0yCA;AAoyHA;AAgyHA;AAwkGA;AA48BA;AAokCA;AA8iCA;AAs6BA","sourceRoot":""}
+{"version":3,"file":"swagger-ui.js","sources":["webpack:///swagger-ui.js"],"mappings":"AAAA;;;;;;AA0yCA;AAoyHA;AAgyHA;AAykGA;AA48BA;AAokCA;AA8iCA;AAs6BA","sourceRoot":""}

src/core/components/auth/oauth2.jsx

@@ -140,8 +140,8 @@ export default class Oauth2 extends React.Component {
                   isAuthorized ? <code> { this.state.passwordType } </code>
                     : <Col tablet={10} desktop={10}>
                       <select id="password_type" data-name="passwordType" onChange={ this.onInputChange }>
-                        <option value="basic">Basic auth</option>
                         <option value="request-body">Request body</option>
+                        <option value="basic">Basic auth</option>
                         <option value="query">Query parameters</option>
                       </select>
                     </Col>

src/core/plugins/auth/actions.js

@@ -91,7 +91,7 @@ export const authorizePassword = ( auth ) => ( { authActions } ) => {
         query.client_secret = clientSecret
       }
     } else {
-      Object.assign(form, {client_id: clientId}, {client_secret: clientSecret})
+      headers.Authorization = "Basic " + btoa(clientId + ":" + clientSecret)
     }
   }
 
@@ -100,14 +100,15 @@ export const authorizePassword = ( auth ) => ( { authActions } ) => {
 
 export const authorizeApplication = ( auth ) => ( { authActions } ) => {
   let { schema, scopes, name, clientId, clientSecret } = auth
+  let headers = {
+    Authorization: "Basic " + btoa(clientId + ":" + clientSecret)
+  }
   let form = {
     grant_type: "client_credentials",
-    client_id: clientId,
-    client_secret: clientSecret,
     scope: scopes.join(scopeSeparator)
   }
 
-  return authActions.authorizeRequest({body: buildFormData(form), name, url: schema.get("tokenUrl"), auth })
+  return authActions.authorizeRequest({body: buildFormData(form), name, url: schema.get("tokenUrl"), auth, headers })
 }
 
 export const authorizeAccessCode = ( { auth, redirectUrl } ) => ( { authActions } ) => {

src/style/_information.scss

@@ -13,13 +13,18 @@
             font-size: 12px;
         }
     }
-    p
+    p, li, table
     {
         font-size: 14px;
 
         @include text_body();
     }
 
+    h1, h2, h3, h4, h5
+    {
+        @include text_body();
+    }
+
     code
     {
         padding: 3px 5px;

webpack-hot-dev-server.config.js

@@ -10,11 +10,13 @@ module.exports = require("./make-webpack-config")({
 	devtool: "eval",
   entry: {
     'swagger-ui-bundle': [
+      'webpack/hot/dev-server',
       'babel-polyfill',
-      './src/core/index.js'
+      './src/core/index.js',
     ],
     'swagger-ui-standalone-preset': [
-      './src/standalone/index.js'
+      'webpack/hot/dev-server',
+      './src/standalone/index.js',
     ]
   },
   output: {