Commit 6815f1d7 (Sunny_yiyi / Swagger Ui)
Authored Oct 12, 2017 by kyle
Committed by GitHub, Oct 12, 2017
Merge branch 'master' into bug/auth-display-regression
Parents: 6cf6a856, 13f88899
Showing 9 changed files with 141 additions and 8 deletions (+141 -8)
package.json (+1 -1)
src/core/components/providers/markdown.jsx (+4 -1)
src/core/components/response-body.jsx (+5 -1)
src/core/plugins/download-url.js (+4 -1)
src/core/plugins/oas3/wrap-components/markdown.js (+8 -2)
src/style/_layout.scss (+2 -2)
test/components/markdown.js (+48 -0)
test/xss/info-sanitization.js (+33 -0)
test/xss/markdown-script-sanitization.js (+36 -0)
package.json
...
...
@@ -32,7 +32,7 @@
"test"
:
"npm run lint-errors && npm run just-test-in-node"
,
"test-in-node"
:
"npm run lint-errors && npm run just-test-in-node"
,
"just-test"
:
"karma start --config karma.conf.js"
,
"just-test-in-node"
:
"mocha --recursive --compilers js:babel-core/register test/core test/components test/bugs test/swagger-ui-dist-package"
,
"just-test-in-node"
:
"mocha --recursive --compilers js:babel-core/register test/core test/components test/bugs test/swagger-ui-dist-package
test/xss
"
,
"test-e2e"
:
"sleep 3 && nightwatch test/e2e/scenarios/ --config test/e2e/nightwatch.json"
,
"e2e-initial-render"
:
"nightwatch test/e2e/scenarios/ --config test/e2e/nightwatch.json --group initial-render"
,
"mock-api"
:
"json-server --watch test/e2e/db.json --port 3204"
,
...
...
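Review bot: in the "just-test-in-node" script, test/xss is appended to a hand-maintained list of directories, so the new XSS tests run only in the mocha node run, and any later test directory is skipped unless this line is edited again. Confirm that the karma run behind "just-test" also picks up test/xss, or point mocha at the test root so a new directory cannot be missed.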
src/core/components/providers/markdown.jsx
...
...
@@ -29,7 +29,10 @@ Markdown.propTypes = {
export
default
Markdown
const
sanitizeOptions
=
{
allowedTags
:
sanitize
.
defaults
.
allowedTags
.
concat
([
"
img
"
]),
allowedTags
:
sanitize
.
defaults
.
allowedTags
.
concat
([
"
h1
"
,
"
h2
"
,
"
img
"
]),
allowedAttributes
:
{
"
img
"
:
sanitize
.
defaults
.
allowedAttributes
.
img
.
concat
([
"
title
"
])
},
textFilter
:
function
(
text
)
{
return
text
.
replace
(
/"/g
,
"
\"
"
)
}
...
...
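Review bot: the new allowedAttributes object lists only "img". If `sanitize` here is sanitize-html, a supplied allowedAttributes replaces the library defaults rather than merging with them, so attributes allowed by default on other tags (href on a, for example) would now be stripped. Start from sanitize.defaults.allowedAttributes and override only the img entry, and add a test that a Markdown link keeps its href. A short comment on why only h1 and h2 are added to allowedTags would also help the next reader.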
src/core/components/response-body.jsx
...
...
@@ -83,8 +83,12 @@ export default class ResponseBody extends React.Component {
// Anything else (CORS)
}
else
if
(
typeof
content
===
"
string
"
)
{
bodyEl
=
<
HighlightCode
value
=
{
content
}
/>
}
else
{
}
else
if
(
content
.
size
>
0
)
{
// We don't know the contentType, but there was some content returned
bodyEl
=
<
div
>
Unknown response type
</
div
>
}
else
{
// We don't know the contentType and there was no content returned
bodyEl
=
null
}
return
(
!
bodyEl
?
null
:
<
div
>
...
...
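Review bot: the new `else if (content.size > 0)` branch dereferences content without a null check. The preceding branch only rules out strings, so unless an earlier branch outside this hunk already excludes it, an undefined or null content reaches this line and throws instead of falling through to `bodyEl = null`. Guard it as `content && content.size > 0`.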
src/core/plugins/download-url.js
...
...
@@ -7,13 +7,16 @@ export default function downloadUrlPlugin (toolbox) {
let
{
fn
}
=
toolbox
const
actions
=
{
download
:
(
url
)
=>
({
errActions
,
specSelectors
,
specActions
})
=>
{
download
:
(
url
)
=>
({
errActions
,
specSelectors
,
specActions
,
getConfigs
})
=>
{
let
{
fetch
}
=
fn
const
config
=
getConfigs
()
url
=
url
||
specSelectors
.
url
()
specActions
.
updateLoadingStatus
(
"
loading
"
)
fetch
({
url
,
loadSpec
:
true
,
requestInterceptor
:
config
.
requestInterceptor
||
(
a
=>
a
),
responseInterceptor
:
config
.
responseInterceptor
||
(
a
=>
a
),
credentials
:
"
same-origin
"
,
headers
:
{
"
Accept
"
:
"
application/json,*/*
"
...
...
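Review bot: in the fetch options, `config.requestInterceptor || (a => a)` falls back only for falsy values, so a misconfigured non-function value is passed straight through; check `typeof config.requestInterceptor === "function"` instead, and the same for responseInterceptor. None of the nine changed files tests this path, so add a test that the spec download goes through both interceptors and that the identity fallback is used when neither is configured.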
src/core/plugins/oas3/wrap-components/markdown.js
import
React
from
"
react
"
import
PropTypes
from
"
prop-types
"
import
ReactMarkdown
from
"
react-markdown
"
import
{
Parser
,
HtmlRenderer
}
from
"
commonmark
"
import
{
OAS3ComponentWrapFactory
}
from
"
../helpers
"
import
{
sanitizer
}
from
"
core/components/providers/markdown
"
export
default
OAS3ComponentWrapFactory
(
({
source
})
=>
{
export
const
Markdown
=
({
source
})
=>
{
if
(
source
)
{
const
parser
=
new
Parser
()
const
writer
=
new
HtmlRenderer
()
...
...
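Review bot: the context lines build `new HtmlRenderer()` with default options, so sanitizing of the rendered HTML depends on the `sanitizer` imported from core/components/providers/markdown in the lines elided here, and any loosening of that shared config applies to OAS 3 output as well. A comment at the import saying so would make the dependency visible. The new named export `Markdown` is also what the tests render, so the `OAS3ComponentWrapFactory` default export that the app uses is not exercised by them.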
@@ -23,4 +24,9 @@ export default OAS3ComponentWrapFactory(({ source }) => {
)
}
return
null
})
\ No newline at end of file
}
Markdown
.
propTypes
=
{
source
:
PropTypes
.
string
}
export
default
OAS3ComponentWrapFactory
(
Markdown
)
\ No newline at end of file
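Review bot: both the old and the new last line carry "\ No newline at end of file"; add the trailing newline while this line is being touched.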
src/style/_layout.scss
...
...
@@ -543,14 +543,14 @@
.response-col_description__inner
{
spa
n
div
.markdown
,
div
.renderedMarkdow
n
{
font-size
:
12px
;
font-style
:
italic
;
display
:
block
;
margin
:
10px
0
;
margin
:
0
;
padding
:
10px
;
border-radius
:
4px
;
...
...
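Review bot: in the .response-col_description__inner rule the selector now targets `div.markdown, div.renderedMarkdown`, which couples this stylesheet to the class names the two Markdown components emit; a description rendered through any other element no longer matches. `display: block` is also redundant on a div and can be dropped.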
test/components/markdown.js
0 → 100644
/* eslint-env mocha */
import
React
from
"
react
"
import
expect
from
"
expect
"
import
{
render
}
from
"
enzyme
"
import
Markdown
from
"
components/providers/markdown
"
import
{
Markdown
as
OAS3Markdown
}
from
"
corePlugins/oas3/wrap-components/markdown.js
"
describe
(
"
Markdown component
"
,
function
()
{
describe
(
"
Swagger 2.0
"
,
function
()
{
it
(
"
allows image elements
"
,
function
()
{
const
str
=
`![Image alt text](http://image.source "Image title")`
const
el
=
render
(
<
Markdown
source
=
{
str
}
/>
)
expect
(
el
.
html
()).
toEqual
(
`<div class="markdown"><p><img src="http://image.source" title="Image title"></p>\n</div>`
)
})
it
(
"
allows heading elements
"
,
function
()
{
const
str
=
`
# h1
## h2
### h3
#### h4
##### h5
###### h6`
const
el
=
render
(
<
Markdown
source
=
{
str
}
/>
)
expect
(
el
.
html
()).
toEqual
(
`<div class="markdown"><h1>h1</h1>\n<h2>h2</h2>\n<h3>h3</h3>\n<h4>h4</h4>\n<h5>h5</h5>\n<h6>h6</h6>\n</div>`
)
})
})
describe
(
"
OAS 3
"
,
function
()
{
it
(
"
allows image elements
"
,
function
()
{
const
str
=
`![Image alt text](http://image.source "Image title")`
const
el
=
render
(
<
OAS3Markdown
source
=
{
str
}
/>
)
expect
(
el
.
html
()).
toEqual
(
`<div class="renderedMarkdown"><div><p><img src="http://image.source" title="Image title"></p></div></div>`
)
})
it
(
"
allows heading elements
"
,
function
()
{
const
str
=
`
# h1
## h2
### h3
#### h4
##### h5
###### h6`
const
el
=
render
(
<
OAS3Markdown
source
=
{
str
}
/>
)
expect
(
el
.
html
()).
toEqual
(
`<div class="renderedMarkdown"><div><h1>h1</h1>\n<h2>h2</h2>\n<h3>h3</h3>\n<h4>h4</h4>\n<h5>h5</h5>\n<h6>h6</h6></div></div>`
)
})
})
})
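Review bot: in both "allows image elements" cases the input carries alt text ("Image alt text") but the expected HTML has only src and title, so the test locks in the sanitizer stripping alt. If that is not intended, allow alt on img in the sanitizer config and assert it here; if it is, say so in the test name. The Swagger 2.0 and OAS 3 cases are otherwise copies of each other and could be driven from one table of component and expected wrapper.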
test/xss/info-sanitization.js
0 → 100644
/* eslint-env mocha */
import
React
from
"
react
"
import
expect
from
"
expect
"
import
{
render
}
from
"
enzyme
"
import
{
fromJS
}
from
"
immutable
"
import
Info
from
"
components/info
"
import
Markdown
from
"
components/providers/markdown
"
describe
(
"
<Info/> Sanitization
"
,
function
(){
const
dummyComponent
=
()
=>
null
const
components
=
{
Markdown
}
const
props
=
{
getComponent
:
c
=>
components
[
c
]
||
dummyComponent
,
info
:
fromJS
({
title
:
"
Test Title **strong** <script>alert(1)</script>
"
,
description
:
"
Description *with* <script>Markdown</script>
"
}),
host
:
"
example.test
"
,
basePath
:
"
/api
"
}
it
(
"
renders sanitized .title content
"
,
function
(){
let
wrapper
=
render
(
<
Info
{...
props
}
/>
)
expect
(
wrapper
.
find
(
"
.title
"
).
html
()).
toEqual
(
"
Test Title **strong** <script>alert(1)</script>
"
)
})
it
(
"
renders sanitized .description content
"
,
function
()
{
let
wrapper
=
render
(
<
Info
{...
props
}
/>
)
expect
(
wrapper
.
find
(
"
.description
"
).
html
()).
toEqual
(
"
<div class=
\"
markdown
\"
><p>Description <em>with</em> </p>
\n
</div>
"
)
})
})
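Review bot: in "renders sanitized .title content" the expected string as shown is character for character the input, <script>alert(1)</script> included, so a reader cannot tell from the assertion whether the title is escaped or passed through. Assert on the escaped form explicitly, or assert that wrapper.find("script") is empty, so the test fails if the title ever becomes live markup.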
test/xss/markdown-script-sanitization.js
0 → 100644
/* eslint-env mocha */
import
React
from
"
react
"
import
expect
from
"
expect
"
import
{
render
}
from
"
enzyme
"
import
Markdown
from
"
components/providers/markdown
"
import
{
Markdown
as
OAS3Markdown
}
from
"
corePlugins/oas3/wrap-components/markdown.js
"
describe
(
"
Markdown Script Sanitization
"
,
function
()
{
describe
(
"
Swagger 2.0
"
,
function
()
{
it
(
"
sanitizes <script> elements
"
,
function
()
{
const
str
=
`script <script>alert(1)</script>`
const
el
=
render
(
<
Markdown
source
=
{
str
}
/>
)
expect
(
el
.
html
()).
toEqual
(
`<div class="markdown"><p>script </p>\n</div>`
)
})
it
(
"
sanitizes <img> elements
"
,
function
()
{
const
str
=
`<img src=x onerror="alert('img-in-description')">`
const
el
=
render
(
<
Markdown
source
=
{
str
}
/>
)
expect
(
el
.
html
()).
toEqual
(
`<div class="markdown"><p><img src="x"></p>\n</div>`
)
})
})
describe
(
"
OAS 3
"
,
function
()
{
it
(
"
sanitizes <script> elements
"
,
function
()
{
const
str
=
`script <script>alert(1)</script>`
const
el
=
render
(
<
OAS3Markdown
source
=
{
str
}
/>
)
expect
(
el
.
html
()).
toEqual
(
`<div class="renderedMarkdown"><div><p>script </p></div></div>`
)
})
it
(
"
sanitizes <img> elements
"
,
function
()
{
const
str
=
`<img src=x onerror="alert('img-in-description')">`
const
el
=
render
(
<
OAS3Markdown
source
=
{
str
}
/>
)
expect
(
el
.
html
()).
toEqual
(
`<div class="renderedMarkdown"><div><img src="x"></div></div>`
)
})
})
})
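Review bot: both suites check only a <script> element and an onerror attribute on img, while the sanitizer config allows more tags than that. Add cases for the attributes and URL schemes it is meant to reject on the other allowed tags (links in particular), plus one positive case showing that an ordinary link survives. The two renderers also disagree on wrapping in the img case (<p><img src="x"></p> versus <div><img src="x"></div>); a comment should say whether that difference is expected.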