This commit changes markdown sanitization behaviour in the following way:
class, style and data-* attributes are removed by default. These attributes
open possible vulnerability vectors to attackers.
The original behavior of the sanitizer (before this commit) can be enabled by the *useUnsafeMarkdown* configuration option.
Use this configuration option with caution and only in cases when you know
what you're doing.
* Add the withCredentials configuration key
It enables passing credentials in CORS requests, e.g. cookies and
Authorization headers.
* Improve withCredentials documentation
* Add unit tests for the withCredentials config
* Update configuration.md
* Update configuration.md
* only set `withCredentials` Fetch flag if the config value is truthy
there are some workarounds in the wild today that involve setting `withCredentials` on `system.fn.fetch` directly.
this approach avoids mangling those existing workarounds!
* add more test cases
* Update configs-wrap-actions.js
* Update index.js
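
The truthy-only rule for `withCredentials` described above, as an added example that is not code from this commit or from the project. `makeSystem`, `applyAlways` and `applyIfTruthy` are hypothetical names, and the `system` object is a constructed stand-in that models only the `fn.fetch` property named in the commit message.

```javascript
// Constructed stand-in for the plugin system. A defined `presetFlag`
// simulates a deployment that already set the flag on fetch as a workaround.
function makeSystem(presetFlag) {
  const fetchFn = () => {};
  if (presetFlag !== undefined) {
    fetchFn.withCredentials = presetFlag;
  }
  return { fn: { fetch: fetchFn } };
}

// Unconditional copy: writes whatever the config holds, including
// `undefined` when the key is absent, so a preset flag is overwritten.
function applyAlways(system, configs) {
  system.fn.fetch.withCredentials = configs.withCredentials;
  return system.fn.fetch.withCredentials;
}

// Truthy-only: touches the flag only when the config asks for credentials,
// so an absent or falsy config value leaves a preset flag as it was.
function applyIfTruthy(system, configs) {
  if (configs.withCredentials) {
    system.fn.fetch.withCredentials = true;
  }
  return system.fn.fetch.withCredentials;
}

// Effective flag for each combination of preset workaround and config value.
function compare() {
  return {
    clobberedByAlways: applyAlways(makeSystem(true), {}),
    preservedByTruthy: applyIfTruthy(makeSystem(true), {}),
    enabledByConfig: applyIfTruthy(makeSystem(), { withCredentials: true }),
    untouchedDefault: applyIfTruthy(makeSystem(), {}),
    falseDoesNotDisable: applyIfTruthy(makeSystem(true), { withCredentials: false }),
  };
}

console.log(compare());
```

The last case is the one to check in a deployment review: under a truthy-only rule, a `false` config value does not switch off a flag that other code has already set on fetch, so cookies and Authorization headers are still sent on CORS requests.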