kyy/swagger-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improve(sanitizer): add more allowed attributes (#4194)

Browse Source 
* Add a couple of items to the sanitizeOptions

*  Strings must use doublequote  quotes
This commit is contained in:
Helder Sepulveda
2018-02-07 22:51:15 -05:00
committed by kyle
parent 7fd229fe72
commit f2a8ed07e0
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/core/components/providers/markdown.jsx
View File

@@ -29,10 +29,12 @@ Markdown.propTypes = {
export default Markdown
const sanitizeOptions = {
allowedTags: sanitize.defaults.allowedTags.concat([ "h1", "h2", "img" ]),
allowedTags: sanitize.defaults.allowedTags.concat([ "h1", "h2", "img", "span" ]),
allowedAttributes: {
...sanitize.defaults.allowedAttributes,
"img": sanitize.defaults.allowedAttributes.img.concat(["title"])
"img": sanitize.defaults.allowedAttributes.img.concat(["title"]),
"td": [ "colspan" ],
"*": [ "class" ]
},
textFilter: function(text) {
return text.replace(/"/g, "\"")

12
test/components/markdown.js
View File

@@ -7,6 +7,18 @@ import { Markdown as OAS3Markdown } from "corePlugins/oas3/wrap-components/markd
describe("Markdown component", function() {
describe("Swagger 2.0", function() {
it("allows span elements with class attrib", function() {
const str = `<span class="method">ONE</span>`
const el = render(<Markdown source={str} />)
expect(el.html()).toEqual(`<div class="markdown"><p><span class="method">ONE</span></p>\n</div>`)
})
it("allows td elements with colspan attrib", function() {
const str = `<table><tr><td>ABC</td></tr></table>`
const el = render(<Markdown source={str} />)
expect(el.html()).toEqual(`<div class="markdown"><table><tr><td>ABC</td></tr></table></div>`)
})
it("allows image elements", function() {
const str = `![Image alt text](http://image.source "Image title")`
const el = render(<Markdown source={str} />)