fixed tag xss issue

Anna Bodnia
2016-08-23 18:26:50 +03:00
parent 45ec53e81a
commit a1aea70f2c
12 changed files with 70 additions and 19 deletions


@@ -68,5 +68,13 @@ window.SwaggerUi.utils = {
}
return result;
},
sanitize: function(html) {
// Strip the script tags from the html and inline evenhandlers
html = html.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '');
html = html.replace(/(on\w+="[^"]*")*(on\w+='[^']*')*(on\w+=\w*\(\w*\))*/gi, '');
return html;
}
};
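Review bot: `sanitize` is a regex denylist applied in a single pass, so it removes only the exact shapes it names: a `<script>` element with a matching closing tag, and `on*=` attributes whose value is quoted or looks like `name(arg)`. Markup outside those shapes (other unquoted handler values, whitespace around `=`, `javascript:` URLs in `href`/`src`, a script tag that is never closed) passes through unchanged, and because each `replace` runs once, removing one match can leave a new one behind. The handler pattern is also not tied to a tag or an attribute boundary, so harmless input is mangled: `content="x"` matches from its `on` and is cut down to `c`. I would render these fields as text or pass them through an allowlist-based sanitizer that parses the markup, and at minimum guard the input with `if (typeof html !== 'string') { return ''; }`, since `html.replace` throws on `undefined`. The enclosing `window.SwaggerUi.utils` object starts outside the hunk.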