From 1dd87ce26ecbfe7a96955be36f0a29c42d1a5bbd Mon Sep 17 00:00:00 2001
From: kyle
Date: Wed, 10 Apr 2019 16:04:33 -0700
Subject: [PATCH] fix: refuse to render non-string Markdown field values (via #5295)

---
 src/core/components/providers/markdown.jsx         | 4 ++++
 src/core/plugins/oas3/wrap-components/markdown.jsx | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/src/core/components/providers/markdown.jsx b/src/core/components/providers/markdown.jsx
index ee2ddec2..69c5cc1d 100644
--- a/src/core/components/providers/markdown.jsx
+++ b/src/core/components/providers/markdown.jsx
@@ -19,6 +19,10 @@ DomPurify.addHook("beforeSanitizeElements", function (current, ) {
 const isPlainText = (str) => /^[A-Z\s0-9!?\.]+$/gi.test(str)
 
 function Markdown({ source, className = "" }) {
+  if (typeof source !== "string") {
+    return null
+  }
+
   if(isPlainText(source)) {
     // If the source text is not Markdown,
     // let's save some time and just render it.
diff --git a/src/core/plugins/oas3/wrap-components/markdown.jsx b/src/core/plugins/oas3/wrap-components/markdown.jsx
index 51c44a05..432333e6 100644
--- a/src/core/plugins/oas3/wrap-components/markdown.jsx
+++ b/src/core/plugins/oas3/wrap-components/markdown.jsx
@@ -10,6 +10,10 @@ parser.block.ruler.enable(["table"])
 parser.set({ linkTarget: "_blank" })
 
 export const Markdown = ({ source, className = "" }) => {
+  if(typeof source !== "string") {
+    return null
+  }
+
   if ( source ) {
     const html = parser.render(source)
     const sanitized = sanitizer(html)
-- 
GitLab
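Review bot: The new type guard at the top of `Markdown` silently returns null for any non-string `source` without saying why, and the identical unexplained guard is added in the second hunk (src/core/plugins/oas3/wrap-components/markdown.jsx); a short comment in both would spare the next reader a trip to the commit log, e.g. `// A malformed spec can put an object or number in a description field; render nothing rather than coerce it and hand it to the parser.` The two copies are also spelled differently (`if (typeof …)` here, `if(typeof …)` in the OAS3 wrapper) — the surrounding files already mix `if(` and `if (`, so either is defensible, but code added by one commit should at least agree with itself. Both component bodies continue outside their hunks, so the downstream rendering paths (the plain-text fast path here, `parser.render(source)` in the wrapper) are only partly visible for review.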