This commit changes markdown sanitization behaviour in following way:
class, style and data-* attributes are removed by default. These attributes
open possible vulnerability vectors to attackers.
The original behavior of sanitizer (before this commit) can be enabled by *useUnsafeMarkdown* configuration option.
Use this configuration option with caution and only in cases when you know
what you're doing.
bug: JsonSchema components should validate schema properties exists
- schema
- type
- format
- enum
bug: fix a debounce error in JsonSchema_string if value is null
ft: new simplified JsonSchemaArrayItemText component
test: use immutableJS for `json-schema-form` test
test: add dev scripts to run `cypress open`
test: new cypress `schema-form` tests
* Fix basic-auth.jsx: do not require password in UI
password is not PropTypes.string.isRequired, but the markup wrongly makes it mandatory
* Do not require password input in http-auth.jsx
This is used by the Authorize modal. Not sure when the similar code from basic-auth.jsx is used.
Co-authored-by: kyle shockey <kyle.shockey1@gmail.com>
* Feature: Render OAS3 parameter type formats
* Add more test cases to parameter-row
* Update test/mocha/components/parameter-row.jsx
Co-Authored-By: Helen Kosova <hkosova@users.noreply.github.com>
* Update src/core/components/parameter-row.jsx
Co-authored-by: Helen Kosova <hkosova@users.noreply.github.com>
Co-authored-by: kyle shockey <kyleshockey@gmail.com>
* clears authentications when logout is clicked
* tests the headers sent in the network request
* adds test for multiple api keys
* refactors tests to extract common uses
* correct test message description
Co-authored-by: kyle shockey <kyleshockey@gmail.com>
* patch(#5672): code highlight styles are now only applied to pre blocks that have the class pre.microlight
* fixed pre style appied to .request-url
* fixed response-headers and request-duration pre blocks
* made pre.microlight class as per review
* added microlight class to appropriate pre and added tests
* improve(getParameterSchema): ParameterSchemaDescriptor pattern
* chore: update usage of `getParameterSchema`
* consider `Parameter.content` media type when validating JSON values
* add `getParameterSchema` OAS helper
* use `Parameter.content.[firstKey].schema` as schema value when present
* `newValue` -> `initialValue`
* make `paramWithMeta` a const
* add trailing comma to `swagger2SchemaKeys`
* refactor `helpers` to a folder
* deprecate `src/core/utils.js` in favor of `src/core/helpers/`
* support `Parameter.content.[mediaType].schema` in validateParam
* reject `null` as an OAS3 object value
* expose Fetch errors in the browser console
* generate ParameterRow default values based on `content` values
* add tests for `getParameterSchema`
* remove debugger statement
* remove debugger statement
* don't apply `generatedSampleValue`s to parameters with `examples`
* remove extra semi
* disable JSON check in parameter runtime validation
* stringify JsonSchema_object textarea values
* add Cypress tests
* swagger-client@3.9.4
This should fix this warning seen in the console when using `swagger-ui-react`:
```
Warning: Received the string `true` for the boolean attribute `readOnly`. Although this works, it will not work as expected if you pass the string "false". Did you mean readOnly={true}?
in textarea (created by Curl)
in div (created by Curl)
in div (created by Curl)
in Curl (created by LiveResponse)
in div (created by LiveResponse)
in LiveResponse (created by Responses)
```
I did not test this change because it's trivial and there is no behavioural change here, React treats non-empty string attributes as `true`.
* add opt-in Prettier config
* remove legacy `examples` implementation
* create ExamplesSelect
* support `Response.examples` in OpenAPI 3
* create response controls group
* prettier reformat
* prepare to break up Parameters
* reunify Parameters and OAS3 Parameters
* Parameter Examples
* Example component
* handle parameter value stringification correctly
* FOR REVIEW: add prop for controlling Select
* use regular header for param examples in Try-It-Out
* manage active examples member via Redux
* Request Body Try-It-Out examples
* remove special Response description styling
* omit Example value display in Try-It-Out
* support disabled text inputs in JsonSchemaForm
* Example.omitValue => Example.showValue
* ExamplesSelectValueRetainer
* styling for disabled inputs
* remove console.log
* support "Modified Values" in ExamplesSelect
* remove Examples component
(wasn't used anywhere)
* use ParameterRow.getParamKey for active examples member keying
* split-rendering of examples in ParameterRow
* send disabled prop to JsonSchemaForm
* use content type to key request body active examples members
* remove debugger
* rewire RequestBodyEditor to be a controlled component
REVIEW: does this have perf implications?
* trigger synthetic onSelect events in ExamplesSelect
* prettier updates
* remove outdated Examples usage in RequestBody
* don't handle examples changes in ESVR
* make RequestBodyEditor semi-controlled
* don't default to an empty Map for request bodies
* add namespaceKey to ESVR for state mgmt
* don't key RequestBody activeExampleKeys on media type
* tweak ESVR isModifiedValueSelected calculation
* add trace class to ExamplesSelect
* remove usage of ESVR.currentNamespace
* reset to first example if currentExampleKey is invalid
* add default values to RequestBody rendering
* stringify things in ESVR
* avoid null select value (silences React warning)
* detect user inputs that match any examples member's value
* add trace class for json-schema-array
* shallowly convert namespace state, to preserve Immutable stucts in state
* stringify RBE values; don't trim JSON in editor
* match user input to an example when non-primitives are expressed in state as strings
* update Cypress
* don't apply sample values in JsonSchema_Object
* support disabling all JsonSchemaForm subcomponents
* Core tests
* style changes to accomodate Examples
* fix version-checking error in Response
* disable SCU for Responses
* don't stringify Select values
* ModelExample: default to Model tab if no example is available; provide a default no example message
* don't trim JSON ParamBody inputs
* read directly from 2.0 Response.schema instead of inferring a value
* show current Example information in RequestBody
* show label for Examples dropdown by default
* rework Response content ordering
* style disabled textareas like other read-only blocks
* meta: fix sourcemaps
* refactor ESVR setNameForNamespace
* protect second half of ternary expession
* cypress: `select.examples-select` => `.examples-select > select`
* clarify ModelExample.componentWillReceiveProps
* add gates/defaults to prevent issues in very bare-boned documents
* fix test block organization problem
* simplify RequestBodyEditor interface
* linter fixes
* prettier updates
* use plugin system for new components
* move ME Cypress helpers to other file
* implement a selector for consumes options
* fix incorrect comment, test names
* add `consumesOptionsFor` selector
* use `consumesOptionsFor` and drop `operationConsumes`
