Merge branch 'bodnia-feature/add-sanitize-html'
@@ -32,6 +32,7 @@
|
||||
"SwaggerUi": false,
|
||||
"jsyaml": false,
|
||||
"define": false,
|
||||
"sanitizeHtml": false,
|
||||
|
||||
// Global object
|
||||
// TODO: remove these
|
||||
|
||||
6
dist/lib/sanitize-html.min.js
vendored
Normal file
6
dist/lib/sanitize-html.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
51
dist/swagger-ui.js
vendored
51
dist/swagger-ui.js
vendored
File diff suppressed because one or more lines are too long
22
dist/swagger-ui.min.js
vendored
22
dist/swagger-ui.min.js
vendored
File diff suppressed because one or more lines are too long
@@ -50,6 +50,7 @@ function _dist() {
|
||||
return es.merge(
|
||||
gulp.src([
|
||||
'./node_modules/es5-shim/es5-shim.js',
|
||||
'./lib/sanitize-html.min.js',
|
||||
'./src/main/javascript/**/*.js',
|
||||
'./node_modules/swagger-client/browser/swagger-client.js'
|
||||
]),
|
||||
|
||||
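Review bot: The new bundle entry `'./lib/sanitize-html.min.js'` pulls a hand-copied minified build into the dist output, while the neighbouring entries (`es5-shim`, `swagger-client`) are resolved from `node_modules`, so nothing in the build records which sanitize-html version, or which versions of whatever dependencies are presumably bundled inside that minified file, ships with swagger-ui. That makes later CVE tracking and upgrades a manual archaeology exercise. Prefer declaring the dependency in package.json and building it from `node_modules` like the other entries; if a pre-built file must be vendored, at least add a comment above the entry recording the upstream version and the hash of the file it was copied from, e.g. `// sanitize-html <version>, sha256 <digest> — rebuild from node_modules on upgrade`. `_dist()` begins above this hunk and continues below it.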
6
lib/sanitize-html.min.js
vendored
Normal file
6
lib/sanitize-html.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
@@ -8,7 +8,7 @@
|
||||
}
|
||||
],
|
||||
"description": "Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API",
|
||||
"version": "2.2.2",
|
||||
"version": "2.2.3",
|
||||
"homepage": "http://swagger.io",
|
||||
"license": "Apache-2.0",
|
||||
"main": "dist/swagger-ui.js",
|
||||
|
||||
@@ -1,34 +1,22 @@
|
||||
'use strict';
|
||||
/*jslint eqeq: true*/
|
||||
|
||||
var _sanitize = function(html) {
|
||||
// Strip the script tags from the html and inline evenhandlers
|
||||
html = html.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '');
|
||||
html = html.replace(/(on\w+="[^"]*")*(on\w+='[^']*')*(on\w+=\w*\(\w*\))*/gi, '');
|
||||
Handlebars.registerHelper('sanitize', function (text) {
|
||||
var result;
|
||||
|
||||
return html;
|
||||
};
|
||||
if (text === undefined) { return ''; }
|
||||
|
||||
var sanitize =function (html) {
|
||||
var _html;
|
||||
result = sanitizeHtml(text, {
|
||||
allowedTags: [ 'div', 'span', 'b', 'i', 'em', 'strong', 'a' ],
|
||||
allowedAttributes: {
|
||||
'div': [ 'class' ],
|
||||
'span': [ 'class' ],
|
||||
'a': [ 'href' ]
|
||||
}
|
||||
});
|
||||
|
||||
if ( _.isUndefined(html) || _.isNull(html)) {
|
||||
return new Handlebars.SafeString('');
|
||||
}
|
||||
|
||||
if (_.isNumber(html)) {
|
||||
return new Handlebars.SafeString(html);
|
||||
}
|
||||
|
||||
if (_.isObject(html)){
|
||||
_html = JSON.stringify(html);
|
||||
return new Handlebars.SafeString(JSON.parse(_sanitize(_html)));
|
||||
}
|
||||
|
||||
return new Handlebars.SafeString(_sanitize(html));
|
||||
};
|
||||
|
||||
Handlebars.registerHelper('sanitize', sanitize);
|
||||
return new Handlebars.SafeString(result);
|
||||
});
|
||||
|
||||
Handlebars.registerHelper('renderTextParam', function(param) {
|
||||
var result, type = 'text', idAtt = '';
|
||||
@@ -55,7 +43,7 @@ Handlebars.registerHelper('renderTextParam', function(param) {
|
||||
idAtt = ' id=\'' + valueId + '\'';
|
||||
}
|
||||
|
||||
defaultValue = sanitize(defaultValue);
|
||||
defaultValue = sanitizeHtml(defaultValue);
|
||||
|
||||
if(isArray) {
|
||||
result = '<textarea class=\'body-textarea' + (param.required ? ' required' : '') + '\' name=\'' + name + '\'' + idAtt + dataVendorExtensions;
|
||||
|
||||
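Review bot: `defaultValue = sanitizeHtml(defaultValue);` in the renderTextParam hunk calls the library with no options, so it applies sanitize-html's built-in default allowlist rather than the narrower tag/attribute set configured in the `sanitize` helper above, and the two paths will accept different markup. The replaced `sanitize(defaultValue)` also returned an empty string for undefined/null and JSON-serialized objects before stripping, whereas the new call forwards whatever `defaultValue` holds; what this sanitize-html build does with a non-string argument is not visible here and should be confirmed. If the default value is only ever meant to be shown as text, `defaultValue = sanitizeHtml(defaultValue == null ? '' : String(defaultValue), { allowedTags: [], allowedAttributes: {} });` keeps both paths on an explicit policy; note that tag stripping does not neutralise quote characters, so if the value is later interpolated into a quoted attribute (not visible in this hunk) it still needs attribute escaping. In the helper hunk, `'a': [ 'href' ]` is allowed without an explicit `allowedSchemes`; unless this vendored build's default already rejects `javascript:` URLs, add `allowedSchemes: ['http', 'https', 'mailto']` to the options. renderTextParam's body begins above and continues below its hunk.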
@@ -96,7 +96,7 @@ SwaggerUi.Views.MainView = Backbone.View.extend({
|
||||
id = id + '_' + counter;
|
||||
counter += 1;
|
||||
}
|
||||
resource.id = SwaggerUi.utils.sanitize(id);
|
||||
resource.id = sanitizeHtml(id);
|
||||
resources[id] = resource;
|
||||
this.addResource(resource, this.model.auths);
|
||||
}
|
||||
|
||||
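Review bot: `resource.id = sanitizeHtml(id);` sanitizes with the library's default options, which keep its default tag allowlist, so the result can still contain markup even though this value is used as an identifier (it is suffixed with `'_' + counter` just above). The line below still stores the resource under the unsanitised `id` (`resources[id] = resource;`), so the map key and `resource.id` diverge whenever sanitisation changes the string; what `SwaggerUi.utils.sanitize` previously did with `id` is not visible here. A stricter call such as `resource.id = sanitizeHtml(id, { allowedTags: [], allowedAttributes: {} });` (or a character-class whitelist appropriate for a DOM id) would be safer, and the same sanitised value should be used as the `resources` key. The enclosing function starts and ends outside this hunk.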