Commit Graph

52 Commits

Author SHA1 Message Date
blacktemplar
f8dd4e68ec feat(model view): hide applicable readOnly and writeOnly properties (#5832) 2020-06-15 13:47:26 -07:00
Vladimir Gorej
a616cb471d fix(Markdown): render markdown in more secure way
This commit changes markdown sanitization behaviour in the following way:

class, style and data-* attributes are removed by default. These attributes
open possible vulnerability vectors to attackers.

The original behavior of sanitizer (before this commit) can be enabled by *useUnsafeMarkdown* configuration option.
Use this configuration option with caution and only in cases when you know
what you're doing.
2020-06-11 21:51:15 +02:00
tomdegoede
fc3ed30f3d improvement: Move inline styles to SCSS instead (#5578)
* fix: convert propStyle to propClass
2020-06-10 16:39:48 -07:00
Tim Lai
7a1b627d0b housekeeping: remarkable (#6073)
Refs: #6050
2020-06-03 15:04:00 -07:00
Tim Lai
5eb23cdd48 ft: JsonSchema components are now ImmutableJS compliant (#5952)
bug: JsonSchema components should validate schema properties exists
  - schema
  - type
  - format
  - enum
bug: fix a debounce error in JsonSchema_string if value is null
ft: new simplified JsonSchemaArrayItemText component
test: use immutableJS for `json-schema-form` test
test: add dev scripts to run `cypress open`
test: new cypress `schema-form` tests
2020-05-06 13:57:58 -07:00
Tim Lai
10b08af5ec Fix: #5669 online validator badge (#5909)
* fix: enable online validator badge

since online validator badge now can handle OAS3 specs
2020-03-11 09:59:00 -07:00
kyle
9935ea3328 housekeeping: upgrade to babel@7 (via #5450)
* Babel 7

* preserve module output; straighten out ES/CJS syntax

* add webpack TODOs

* remove unused Babel modules

* Update index.js

* install @babel/register
2019-07-09 23:25:34 -05:00
kyle
23d7260f92 feat: Multiple Examples for OpenAPI 3 Parameters, Request Bodies, and Responses (via #5427)
* add opt-in Prettier config

* remove legacy `examples` implementation

* create ExamplesSelect

* support `Response.examples` in OpenAPI 3

* create response controls group

* prettier reformat

* prepare to break up Parameters

* reunify Parameters and OAS3 Parameters

* Parameter Examples

* Example component

* handle parameter value stringification correctly

* FOR REVIEW: add prop for controlling Select

* use regular header for param examples in Try-It-Out

* manage active examples member via Redux

* Request Body Try-It-Out examples

* remove special Response description styling

* omit Example value display in Try-It-Out

* support disabled text inputs in JsonSchemaForm

* Example.omitValue => Example.showValue

* ExamplesSelectValueRetainer

* styling for disabled inputs

* remove console.log

* support "Modified Values" in ExamplesSelect

* remove Examples component
(wasn't used anywhere)

* use ParameterRow.getParamKey for active examples member keying

* split-rendering of examples in ParameterRow

* send disabled prop to JsonSchemaForm

* use content type to key request body active examples members

* remove debugger

* rewire RequestBodyEditor to be a controlled component

REVIEW: does this have perf implications?

* trigger synthetic onSelect events in ExamplesSelect

* prettier updates

* remove outdated Examples usage in RequestBody

* don't handle examples changes in ESVR

* make RequestBodyEditor semi-controlled

* don't default to an empty Map for request bodies

* add namespaceKey to ESVR for state mgmt

* don't key RequestBody activeExampleKeys on media type

* tweak ESVR isModifiedValueSelected calculation

* add trace class to ExamplesSelect

* remove usage of ESVR.currentNamespace

* reset to first example if currentExampleKey is invalid

* add default values to RequestBody rendering

* stringify things in ESVR

* avoid null select value (silences React warning)

* detect user inputs that match any examples member's value

* add trace class for json-schema-array

* shallowly convert namespace state, to preserve Immutable structs in state

* stringify RBE values; don't trim JSON in editor

* match user input to an example when non-primitives are expressed in state as strings

* update Cypress

* don't apply sample values in JsonSchema_Object

* support disabling all JsonSchemaForm subcomponents

* Core tests

* style changes to accommodate Examples

* fix version-checking error in Response

* disable SCU for Responses

* don't stringify Select values

* ModelExample: default to Model tab if no example is available; provide a default no example message

* don't trim JSON ParamBody inputs

* read directly from 2.0 Response.schema instead of inferring a value

* show current Example information in RequestBody

* show label for Examples dropdown by default

* rework Response content ordering

* style disabled textareas like other read-only blocks

* meta: fix sourcemaps

* refactor ESVR setNameForNamespace

* protect second half of ternary expression

* cypress: `select.examples-select` => `.examples-select > select`

* clarify ModelExample.componentWillReceiveProps

* add gates/defaults to prevent issues in very bare-boned documents

* fix test block organization problem

* simplify RequestBodyEditor interface

* linter fixes

* prettier updates

* use plugin system for new components

* move ME Cypress helpers to other file
2019-06-29 19:52:51 +01:00
kyle
1dd87ce26e fix: refuse to render non-string Markdown field values (via #5295) 2019-04-10 16:04:33 -07:00
Brian Johnson
65e8abde55 improvement: support GFM table syntax in OpenAPI 3.0 (via #5224) 2019-03-14 17:58:02 -07:00
kyle
373da3bee3 fix: provide JSON editor for x-www-form-urlencoded bodies lacking properties (via #5180) 2019-02-13 18:47:01 -06:00
kyle
ad786b023f housekeeping: .js -> .jsx file extensions (via #5014)
* housekeeping: `.js` -> `.jsx` where necessary
2018-11-08 16:37:21 +00:00
kyle
54276c95e2 fix: gracefully handle empty request bodies (via #4859) 2018-09-07 16:18:13 -07:00
kyle
87296702c6 feature: allowEmptyValue controls (#4788)
* add baseline tests

* coerce empty strings to null when updating parameter values

* add ParameterIncludeEmpty

* add redux management for empty parameter value inclusion state

* use name+in keying for state management instead of hash keying

* update new redux method usages to name+in keying

* coerce empty Immutable iterables in onChangeWrapper

* OAS3 tests & support

* add included empty parameters to requests before dispatching to Swagger Client

* make empty inclusion interface prettier

* add tests for #4587

* linter fixes

* check for truthy value before reaching into property
2018-08-04 01:26:07 -07:00
kyle
dd3afdc456 fix: anchor tag safety (via #4789)
* v3.17.6

* release(3.17.6): rebuild dist

* add failing tests

* fix Link component

* fix OnlineValidatorBadge component

* switch from <a> to <Link> in operation components

* make Markdown inputs safe

* use Link component in Info block, for target safety

* add eslint rule for unsafe `target` usage
2018-08-04 00:54:03 -07:00
kyle
0359f9c364 housekeeping: bundle size reductions (#4713)
* set new bundlesize goal
* preserve `GeneratorFunction` instead of all function names
* use js-yaml fork that doesn't require esprima
* set HTML content directly, instead of using React-Markdown
* use remarkable for all Markdown rendering
* add babel-plugin-transform-react-remove-prop-types
* remove SplitPaneMode plugin
* remove react-collapse
* remove AST plugin, and yaml-js
* trim Markdown HTML string output before rendering
* disable obsolete function name preservation
* add `getComponent` to propTypes
2018-07-19 13:48:39 -07:00
kyle
8e295c23a4 Improvement: Hash-keyed Try-It-Out parameter value storage (#4670)
* allow param update by identity + hashed value storage

* add specActions.changeParamByIdentity

* add identity-based lookup support in spec selectors

* migrate `changeParam` usage to `changeParamByIdentity`

* migrate usage of `parameterWithMeta` to `parameterWithMetaByIdentity`

* update invocations of `changeParamByIdentity` to match fn signature

* use OrderedMap throughout hash-based selectors for consistency

* normalize usage of ParameterRow `onChange`

* migrate bug 4557 tests to reflect new ParameterRow interface

* remove exclusive test blocks

* linter fixes

* copy Parameters changes into OAS3 wrapper

* use rawParam for meta lookups in ParameterRow
2018-06-21 21:36:38 -07:00
kyle
43304aa80a feat: OAS3 binary media type support (#4592)
* fix(validator-badge): resolve definition URLs against browser location

* use param as meta parameter if not found

* convert request body from Immutable if necessary

* show file upload for `format: binary` and `format: base64` jsonschema strings

* add `dispatchInitialValue` prop to JsonSchemaForm

* add optional subkey parameter to onChange

* add binary media type support to request body
2018-05-25 20:37:58 -07:00
David DE CARVALHO
39d34523b9 Improve enum values for Enum Type in Swagger ReadOnly documentation (#4191)
* Adding enum values for Enum Type in Swagger ReadOnly documentation

* Adding enum values for Enum Type in Swagger ReadOnly documentation (optimisation) and also adding default/example value

* Add new display enums, defaults, and examples when not in TIO mode (another way to have enums values in swagger.json)

* Fix npm test result

* review corrections

* fix: don't render parameter description if field is empty

* use cross-version schema variable to access properties

* pass className through Markdown component usage

* add per-field classNames to Markdown for easier styling + testing

* remove parameter Example field (out-of-scope for this PR)

* get default value from schema instead of top-level parameter

* tests: add e2e cases for swagger2 and oas3

* remove `swagger-petstore-enum.json`

the purpose of this file lives on in the e2e test specs folder

* add missing proptypes validation

* use `classnames` to more effectively union class names
2018-04-05 18:48:19 -07:00
kyle
8777d8b9ff fix: use specPath prop to resolve operations in OperationContainer (#4272)
* Use `parameterWithMeta` to get parameter data in <ParameterRow>

* Prefer specPath when fetching resolved subtrees in OperationContainer

* Add test for OAS3 callback rendering

* Remove debugger statement
2018-02-28 17:50:08 -08:00
Kyle Shockey
9bad35ed85 Refactor specPath to Im data structures to avoid waste renders 2017-12-28 18:04:12 -06:00
kyle
bfb4c7a8d7 Merge branch 'master' into feature/spec-path 2017-12-07 16:49:34 -08:00
Greg Thompson
91dab7b166 getConfigs prop expansion; limit extension render based on config setting 2017-11-09 10:22:41 -06:00
Greg Thompson
d96bd29d0c pass required getConfig to parameter-row 2017-11-07 11:16:41 -06:00
Josh Ponelat
49d15e2a6f add specPath to parameters/requestBody 2017-11-03 17:50:47 +02:00
kyle
6d22e38a04 Merge branch 'master' into ft/oas3-authorization 2017-10-20 19:07:38 -07:00
Kyle Shockey
c9674a1fc5 Refactor Auths component flow; create component that supports HTTP auths 2017-10-18 21:23:28 -07:00
Owen Conti
559b315d0d Initial test for Markdown <script> sanitization 2017-10-01 10:30:41 -06:00
Owen Conti
590819ad9b Fixes swagger-editor/#1502.
Change logic for markdown rendering to:

1. Convert source markdown to HTML
2. Sanitize HTML
3. Send sanitized HTML to markdown renderer
2017-09-27 18:05:12 -06:00
Owen Conti
7ef8a7ddc7 Merge branch 'master' of github.com:swagger-api/swagger-ui into bug/3511-query-formData-parameters
# Conflicts:
#	src/core/components/parameter-row.jsx
#	src/core/plugins/spec/actions.js
2017-09-18 16:59:08 -06:00
Kyle Shockey
5bc096d32b Fit linter and tests 2017-09-08 18:44:11 -07:00
Kyle Shockey
7a2c7d2cdc Squash commit: OAS3 Try-It-Out changes 2017-09-05 13:59:31 -07:00
Owen Conti
fdb0d13089 Fixes #3511 - Update changeParameter calls to accept in value to identify parameters based on name plus in value 2017-08-02 22:07:48 -06:00
Owen Conti
d64dfc4252 Fixes #3500 - Fix missing names for primitive models 2017-08-01 20:46:41 -06:00
Kyle Shockey
b373182afe ESLint fixes 2017-07-28 19:47:46 -07:00
Kyle Shockey
afcc35b47c Indicate required request bodies (fixes #3449) 2017-07-27 18:03:30 -07:00
Kyle Shockey
8bbe706918 Disable Try-It-Out button in OAS3
CC: #3436
2017-07-25 21:55:32 -07:00
Kyle Shockey
189f048e91 Stashed: move anyOf/oneOf/not into core 2017-07-05 15:18:50 -07:00
Kyle Shockey
8ed43a1329 Ensure OAS3 Markdown fields are sanitized 2017-07-04 19:12:43 -07:00
Kyle Shockey
1970b2c410 Disable Online Validation badge for OAS3 2017-07-03 19:02:03 -07:00
Kyle Shockey
50c0d39418 MOAR alignment 2017-06-29 23:26:33 -07:00
Kyle Shockey
61de35d69c Render request bodies correctly (minus Example Value + editable functionality) 2017-06-29 23:16:54 -07:00
Kyle Shockey
2b37e7c2e4 Render markdown more normally 2017-06-28 19:28:30 -07:00
Kyle Shockey
fc26ffb78f Hide Callbacks operation tab if there are no callbacks 2017-06-27 21:40:00 -07:00
Kyle Shockey
e415ec7f8a Add schema object deprecation display 2017-06-14 00:59:36 -07:00
Kyle Shockey
840e1742d9 Use <Operation> in callbacks 2017-06-02 14:41:20 -07:00
Kyle Shockey
7deff73eea (Actually) display callbacks 2017-06-01 09:34:42 -07:00
Kyle Shockey
845965c660 Reorganize Parameters component for OAS3 2017-05-31 19:23:24 -07:00
Kyle Shockey
5511aa9a6a Fix react-markdown empty prop error 2017-05-31 18:49:46 -07:00
Kyle Shockey
a0fbcc5dde Add OAS3 indicator 2017-05-31 18:47:51 -07:00