This commit changes markdown sanitization behaviour in following way:
class, style and data-* attributes are removed by default. These attributes
open possible vulnerability vectors to attackers.
The original behavior of sanitizer (before this commit) can be enabled by *useUnsafeMarkdown* configuration option.
Use this configuration option with caution and only in cases when you know
what you're doing.
* Add empty data param to cURL if no request body was given
Some middleware applications do not allow POST requests without a content-length header. By adding a empty data parameter to the curl command, the content-length header will be set by curl. Besides this it is more obvious to the user that no request body is sent.
* use double quotes like the rest of the curl command
bug: JsonSchema components should validate schema properties exists
- schema
- type
- format
- enum
bug: fix a debounce error in JsonSchema_string if value is null
ft: new simplified JsonSchemaArrayItemText component
test: use immutableJS for `json-schema-form` test
test: add dev scripts to run `cypress open`
test: new cypress `schema-form` tests
This is a force-pushed squash of two PR merges (#5919, #5940) that were
formerly present on master as individual commits.
Co-Authored-By: kyle shockey <kyleshockey@gmail.com>
* Fix basic-auth.jsx: do not require password in UI
password is not PropTypes.string.isRequired, but the markup wrongly makes it mandatory
* Do not require password input in http-auth.jsx
This is used by the Authorize modal. Not sure when the similar code from basic-auth.jsx is used.
Co-authored-by: kyle shockey <kyle.shockey1@gmail.com>
* Added optional isShownKey prop to Componenent to allow overriding
* Removed unneccasry before is isShwonKey
* Added PropTypes to isShownKey
* Added isShownKey to <OperationWrapper/> and removed it from <Operation />
* Removed isShwonKey prop it from <Operation />
* revert package-lock.json
Co-authored-by: kyle shockey <kyleshockey@gmail.com>
* Feature: Render OAS3 parameter type formats
* Add more test cases to parameter-row
* Update test/mocha/components/parameter-row.jsx
Co-Authored-By: Helen Kosova <hkosova@users.noreply.github.com>
* Update src/core/components/parameter-row.jsx
Co-authored-by: Helen Kosova <hkosova@users.noreply.github.com>
Co-authored-by: kyle shockey <kyleshockey@gmail.com>
* clears authentications when logout is clicked
* tests the headers sent in the network request
* adds test for multiple api keys
* refactors tests to extract common uses
* correct test message description
Co-authored-by: kyle shockey <kyleshockey@gmail.com>
* patch(#5672): code highlight styles are now only applied to pre blocks that have the class pre.microlight
* fixed pre style appied to .request-url
* fixed response-headers and request-duration pre blocks
* made pre.microlight class as per review
* added microlight class to appropriate pre and added tests
* improve(getParameterSchema): ParameterSchemaDescriptor pattern
* chore: update usage of `getParameterSchema`
* consider `Parameter.content` media type when validating JSON values
* add `getParameterSchema` OAS helper
* use `Parameter.content.[firstKey].schema` as schema value when present
* `newValue` -> `initialValue`
* make `paramWithMeta` a const
* add trailing comma to `swagger2SchemaKeys`
* refactor `helpers` to a folder
* deprecate `src/core/utils.js` in favor of `src/core/helpers/`
* support `Parameter.content.[mediaType].schema` in validateParam
* reject `null` as an OAS3 object value
* expose Fetch errors in the browser console
* generate ParameterRow default values based on `content` values
* add tests for `getParameterSchema`
* remove debugger statement
* remove debugger statement
* don't apply `generatedSampleValue`s to parameters with `examples`
* remove extra semi
* disable JSON check in parameter runtime validation
* stringify JsonSchema_object textarea values
* add Cypress tests
* swagger-client@3.9.4
This should fix this warning seen in the console when using `swagger-ui-react`:
```
Warning: Received the string `true` for the boolean attribute `readOnly`. Although this works, it will not work as expected if you pass the string "false". Did you mean readOnly={true}?
in textarea (created by Curl)
in div (created by Curl)
in div (created by Curl)
in Curl (created by LiveResponse)
in div (created by LiveResponse)
in LiveResponse (created by Responses)
```
I did not test this change because it's trivial and there is no behavioural change here, React treats non-empty string attributes as `true`.
