
Fix potential self XSS in request url.

bubble
Samuel Reed 10 years ago
parent
commit
5da60bfa62
3 changed files with 10 additions and 6 deletions
  1. +4
    -2
      dist/swagger-ui.js
  2. +1
    -1
      dist/swagger-ui.min.js
  3. +5
    -3
      src/main/coffeescript/view/OperationView.coffee

+ 4
- 2
dist/swagger-ui.js View File

@@ -1810,7 +1810,8 @@ helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
}
}
this.invocationUrl = this.model.supportHeaderParams() ? (headerParams = this.model.getHeaderParams(map), this.model.urlify(map, false)) : this.model.urlify(map, true);
$(".request_url", $(this.el)).html("<pre>" + this.invocationUrl + "</pre>");
$(".request_url", $(this.el)).html("<pre></pre>");
$(".request_url pre", $(this.el)).text(this.invocationUrl);
obj = {
type: this.model.method,
url: this.invocationUrl,
@@ -2006,7 +2007,8 @@ helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
pre = $('<pre class="json" />').append(code);
}
response_body = pre;
$(".request_url", $(this.el)).html("<pre>" + url + "</pre>");
$(".request_url", $(this.el)).html("<pre></pre>");
$(".request_url pre", $(this.el)).text(url);
$(".response_code", $(this.el)).html("<pre>" + response.status + "</pre>");
$(".response_body", $(this.el)).html(response_body);
$(".response_headers", $(this.el)).html("<pre>" + _.escape(JSON.stringify(response.headers, null, " ")).replace(/\n/g, "<br>") + "</pre>");


+ 1
- 1
dist/swagger-ui.min.js
File diff suppressed because it is too large


+ 5
- 3
src/main/coffeescript/view/OperationView.coffee View File

@@ -186,8 +186,9 @@ class OperationView extends Backbone.View
else
@model.urlify(map, true)

$(".request_url", $(@el)).html "<pre>" + @invocationUrl + "</pre>"

$(".request_url", $(@el)).html("<pre></pre>")
$(".request_url pre", $(@el)).text(@invocationUrl);
obj =
type: @model.method
url: @invocationUrl
@@ -356,7 +357,8 @@ class OperationView extends Backbone.View
pre = $('<pre class="json" />').append(code)

response_body = pre
$(".request_url", $(@el)).html "<pre>" + url + "</pre>"
$(".request_url", $(@el)).html("<pre></pre>")
$(".request_url pre", $(@el)).text(url);
$(".response_code", $(@el)).html "<pre>" + response.status + "</pre>"
$(".response_body", $(@el)).html response_body
$(".response_headers", $(@el)).html "<pre>" + _.escape(JSON.stringify(response.headers, null, " ")).replace(/\n/g, "<br>") + "</pre>"
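Review bot: The request URL is now set via `.text`, but the `.response_code` line right after it still splices `response.status` into markup by string concatenation; it is normally a numeric status from the XHR layer, so the risk is presumably low, yet for consistency with the fix it would be cleaner as `$(".response_code", $(@el)).html("<pre></pre>")` followed by `$(".response_code pre", $(@el)).text(String(response.status))`. The same two-step `html("<pre></pre>")` / `.text(...)` pattern in both hunks (here and at the invocationUrl site) could also be collapsed to one line that never passes markup at all, e.g. `$(".request_url", $(@el)).empty().append($("<pre/>").text(url))`. As a point of style, the trailing `;` on the two added `.text(...)` lines is not idiomatic CoffeeScript and should be dropped. The enclosing view methods start and end outside these hunks, so what `response_body` (built from `code` above) contains cannot be judged here; dist/swagger-ui.js is the compiled copy and mirrors this change, so any follow-up should be made in the CoffeeScript source and regenerated.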

