Commit Graph

772 Commits

Author SHA1 Message Date
Joe Littlejohn
90f641059f On complete, ignore fragments that don't contain useful information
Auth providers like Facebook and Google tend to add garbage fragments
onto OAuth 2.0 redirect URIs to stop malicious fragments being
maintained through the flow. This change ensures that those fragments
aren't mistakenly used to attempt to complete login.

If the fragment contains a code, token or error, it is assumed to be the
correct place to find data provided by the auth provider.
2016-11-27 17:16:10 +00:00
Stéphane Leroy
5def48cf99 Fix jsonEditor parameters when an operation is on multiple tags 2016-11-25 18:20:15 +01:00
TANAKA Koichi
3494d44d3f Implement OAuth2 client authentication for password and application flow 2016-11-24 17:30:52 +09:00
TANAKA Koichi
f2a1caa379 Add validation for oauth password flow 2016-11-24 17:04:41 +09:00
TANAKA Koichi
7cdf83a932 Implement OAuth2 password flow 2016-11-24 17:04:41 +09:00
Tony Tam
3c0fac249f removed blob special logic for strings 2016-11-23 23:40:03 -08:00
Tony Tam
d963302c72 only pass selected scopes 2016-11-23 20:54:54 -08:00
Tony Tam
0dfc59fc21 Merge pull request #2489 from joelittlejohn/patch-1
Avoid using Facebook garbage fragment to complete login
2016-11-23 20:16:01 -08:00
Tony Tam
ee3556490a Merge branch 'fix_model_rendering' of https://github.com/Vayu/swagger-ui into Vayu-fix_model_rendering 2016-11-23 20:10:21 -08:00
Tony Tam
49a1169878 merged 2016-11-23 16:47:04 -08:00
Tony Tam
7e426ac0cd preservation, proper parsing of examples 2016-11-23 16:30:49 -08:00
Tony Tam
65d81745ed blob handling, render download link for application/octet-stream 2016-11-23 12:00:13 -08:00
Tony Tam
47ab2a32c0 added sanitization of scopes per #2483 2016-11-22 19:46:42 -08:00
Valery Yundin
3bd42590cc Extend list of allowed tags to fix Model rendering. Fixes 2504 2016-11-17 16:50:45 +01:00
Tony Tam
81e897a07a checks for window 2016-11-14 11:34:50 -08:00
Tony Tam
a63dc0c51b use model variables instead of window 2016-11-14 11:00:04 -08:00
Joe Littlejohn
1b18429eca Avoid using Facebook garbage fragment to complete login
Facebook adds a nonsense fragment to all redirect URIs when returning a code. This stops fragments being surreptitiously passed through the authorization flow.

See http://stackoverflow.com/questions/7131909/facebook-callback-appends-to-return-url

Before this change, the presence of Facebook's garbage fragment would break the Swagger UI complete page, as having any fragment value at all will cause the complete page to ignore the query string. This change avoids using the fragment if it looks to be useless.
2016-11-07 14:58:13 +00:00
Petr Pchelko
1dc709446a Use filename from content-disposition in a download link 2016-11-01 14:00:07 -07:00
morrissh
60cf928e51 Added meta tag to force IE11 to use edge document mode 2016-10-31 08:28:44 -07:00
Tony Tam
2ad57cab6b added type check 2016-10-13 15:44:06 -07:00
Olivier Mengué
d2c9189a7c Feature: add responseHooks option for callbacks on responses
Add a responseHooks option that allows the user to process the response
of an API call.
The responseHooks option is an object where key is an operationId and
value is a function that receives the XHR response object and the
OperationView object.

Use case: process authentication requests done with the "Try out!"
button to inject apiKey in the AuthView and the router on success.
2016-09-30 12:03:34 +02:00
Chuck Goss
87ef5c1f72 Fix font src attribute
The `format('truetype')` bit should not be preceded by a comma. It breaks in Chrome (at least).

See https://css-tricks.com/snippets/css/using-font-face/ for an example.
2016-09-28 15:21:46 -05:00
Tony Tam
cf96414f78 removed unused var 2016-09-15 10:39:34 -07:00
Tony Tam
80e548df0a no more blob conversions 2016-09-15 10:35:01 -07:00
Tony Tam
4bdaeba797 treat blobs as binary, render images w/o image url 2016-09-15 01:07:08 -07:00
John Tompkins
1ce3dada00 fix params showing as undefined 2016-09-04 15:28:23 -04:00
Anna Bodnia
c385e24839 moved sanitize-html to swagger-ui instead of calling in index.html 2016-09-01 18:49:54 +03:00
Anna Bodnia
f87eaaa810 replaced satinize with sanitize-html 2016-09-01 16:09:44 +03:00
Anna Bodnia
d3856a8bfa fixes #2346 remove unnecessary escaping of model signature 2016-08-24 14:00:05 +03:00
Anna Bodnia
a1aea70f2c fixed tag xss issue 2016-08-23 18:26:50 +03:00
Anna Bodnia
45ec53e81a fixed expand operation by click 2016-08-19 00:19:55 +03:00
Anna Bodnia
eaf59c1e8c fixed sanitize handlebars helper to accept not only strings 2016-08-18 17:42:10 +03:00
Anna Bodnia
11f1263a62 fix for xss issue 2016-08-17 20:55:23 +03:00
Tony Tam
6c4ccf7a6d Merge pull request #1660 from dalbani/patch-2
Fix calculation of operation "number" property
2016-08-11 12:15:52 +02:00
Tony Tam
432d2793db Merge branch 'master' of github.com:swagger-api/swagger-ui 2016-08-10 14:12:25 +02:00
Tony Tam
ef0c392c48 simplified logic 2016-08-10 14:11:21 +02:00
Tony Tam
dd75674746 Merge branch 'master' of https://github.com/mikexliu/swagger-ui into mikexliu-master 2016-08-10 14:09:59 +02:00
Tony Tam
465164e361 Merge pull request #1656 from dalbani/patch-1
Simplify online validator URL building (HTTP[S]?)
2016-08-10 13:52:36 +02:00
Tony Tam
aa31d9a24e Merge pull request #2293 from PeterDaveHelloKitchen/image-optimize
optimize png images using zopflipng
2016-08-10 13:43:09 +02:00
Tony Tam
d3bf3b9a63 updated in source 2016-08-10 13:33:25 +02:00
Anna Bodnia
c51c683424 fixed failing jshint 2016-08-09 15:26:19 +03:00
Anna Bodnia
20daf3c79e added version into handlebars file name 2016-08-09 14:55:01 +03:00
Anna Bodnia
6a00aa8e98 Merge branch 'feature/issue-2306_' of /Users/bodnia/Documents/work/prj/swagger-ui with conflicts. 2016-08-08 19:12:11 +03:00
Marco Süß
cd57350dcd fix hitting return key in HeaderView
This fixes return key behaviour in Chrome. Steps to reproduce:
- open Swagger UI in Chrome
- modify URL of swagger spec
- hit 'return'

Expected behaviour: load swagger.json from new URL
Observed behaviour before applying this fix: the whole page will reload
with the default swagger petstore URL in the input field.
2016-08-04 16:04:01 +02:00
Mike Liu
4cb3a01943 if param.schema doesn't exist, then the line will fail
use single quotes
2016-07-28 13:47:25 -07:00
Peter Dave Hello
08402d297e optimize png images using zopflipng 2016-07-22 14:27:44 +08:00
Tony Tam
6f8599d1a5 Merge pull request #2289 from tcaesvk/master
fix options.oauth2RedirectUrl to work
2016-07-21 07:47:09 -07:00
Anna Bodnia
571313d09b fixes #2167 2016-07-21 16:18:31 +03:00
김 재석
f3ec1b62a7 fix options.oauth2RedirectUrl to work 2016-07-21 16:48:50 +09:00
Tony Tam
cc2d47aba6 merged 2016-07-20 19:19:04 -07:00