fixed sanitize handlebars helper to accept not only strings

This commit is contained in:
Anna Bodnia
2016-08-18 17:42:10 +03:00
parent 11f1263a62
commit eaf59c1e8c
3 changed files with 52 additions and 23 deletions

33
dist/swagger-ui.js vendored


@@ -1,12 +1,26 @@
'use strict'; 'use strict';
/*jslint eqeq: true*/ /*jslint eqeq: true*/
var sanitize = function(html) { var _sanitize = function(html) {
html = html || ''; // Strip the script tags from the html and inline evenhandlers
// Strip the script tags from the html, and return it as a Handlebars.SafeString
html = html.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, ''); html = html.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '');
html = html.replace(/(on\w+="[^"]*")*(on\w+='[^']*')*(on\w+=\w*\(\w*\))*/gi, ''); html = html.replace(/(on\w+="[^"]*")*(on\w+='[^']*')*(on\w+=\w*\(\w*\))*/gi, '');
return html;
};
var sanitize =function (html) {
var _html;
if( _.isUndefined(html) || _.isNull(html) || _.isNumber(html)) {
return new Handlebars.SafeString(html); return new Handlebars.SafeString(html);
}
if (_.isObject(html)){
_html = JSON.stringify(html);
return new Handlebars.SafeString(JSON.parse(_sanitize(_html)));
}
return new Handlebars.SafeString(_sanitize(html));
}; };
Handlebars.registerHelper('sanitize', sanitize); Handlebars.registerHelper('sanitize', sanitize);
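Review bot: The `_.isUndefined(html) || _.isNull(html)` branch at the top of the new `sanitize` hands `undefined`/`null` straight to `Handlebars.SafeString`, whose `toString` concatenates the wrapped value, so a missing field now presumably renders as the literal text "undefined"/"null" where the removed `html = html || ''` used to render nothing; returning `new Handlebars.SafeString('')` for those two cases keeps the old output while still letting numbers through. The object branch is the bigger concern: `_sanitize` runs over JSON-encoded text, where every quote is written as `\"`, so the quoted-attribute patterns cannot match inside string values, and the parsed result is then wrapped in a SafeString, which tells Handlebars to skip escaping for something that is no longer a string at all (a plain object stringifies to `[object Object]`). Because the regex stripping is a best-effort filter rather than a full HTML sanitizer, a value that is not known to be HTML should be escaped rather than marked safe, e.g. `return new Handlebars.SafeString(Handlebars.Utils.escapeExpression(_html));`. Either way, the `JSON.parse` call can throw inside the helper if the replacements ever leave malformed JSON, so it needs a guard or should be dropped along with the parse.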