mirror of
https://github.com/go-gitea/gitea
synced 2024-12-22 14:24:11 +01:00
Prevent incorrect HTML escaping in swagger.json (#14957)
* Prevent incorrect HTML escaping in swagger.json Fix #14706 Signed-off-by: Andrew Thornton <art27@cantab.net> * oops add it to the helper Signed-off-by: Andrew Thornton <art27@cantab.net> * try again Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
parent
df76d9f7ad
commit
91ee3be588
4 changed files with 11 additions and 5 deletions
4
Makefile
4
Makefile
|
@ -127,8 +127,8 @@ GO_SOURCES_OWN := $(filter-out vendor/% %/bindata.go, $(GO_SOURCES))
|
||||||
#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger
|
#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger
|
||||||
SWAGGER := $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger
|
SWAGGER := $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger
|
||||||
SWAGGER_SPEC := templates/swagger/v1_json.tmpl
|
SWAGGER_SPEC := templates/swagger/v1_json.tmpl
|
||||||
SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
|
SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
|
||||||
SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
|
SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g
|
||||||
SWAGGER_EXCLUDE := code.gitea.io/sdk
|
SWAGGER_EXCLUDE := code.gitea.io/sdk
|
||||||
SWAGGER_NEWLINE_COMMAND := -e '$$a\'
|
SWAGGER_NEWLINE_COMMAND := -e '$$a\'
|
||||||
|
|
||||||
|
|
|
@ -92,6 +92,7 @@ func NewFuncMap() []template.FuncMap {
|
||||||
},
|
},
|
||||||
"Safe": Safe,
|
"Safe": Safe,
|
||||||
"SafeJS": SafeJS,
|
"SafeJS": SafeJS,
|
||||||
|
"JSEscape": JSEscape,
|
||||||
"Str2html": Str2html,
|
"Str2html": Str2html,
|
||||||
"TimeSince": timeutil.TimeSince,
|
"TimeSince": timeutil.TimeSince,
|
||||||
"TimeSinceUnix": timeutil.TimeSinceUnix,
|
"TimeSinceUnix": timeutil.TimeSinceUnix,
|
||||||
|
@ -629,6 +630,11 @@ func Escape(raw string) string {
|
||||||
return html.EscapeString(raw)
|
return html.EscapeString(raw)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// JSEscape escapes a JS string
|
||||||
|
func JSEscape(raw string) string {
|
||||||
|
return template.JSEscapeString(raw)
|
||||||
|
}
|
||||||
|
|
||||||
// List traversings the list
|
// List traversings the list
|
||||||
func List(l *list.List) chan interface{} {
|
func List(l *list.List) chan interface{} {
|
||||||
e := l.Front()
|
e := l.Front()
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
//
|
//
|
||||||
// Schemes: http, https
|
// Schemes: http, https
|
||||||
// BasePath: /api/v1
|
// BasePath: /api/v1
|
||||||
// Version: {{AppVer}}
|
// Version: {{AppVer | JSEscape | Safe}}
|
||||||
// License: MIT http://opensource.org/licenses/MIT
|
// License: MIT http://opensource.org/licenses/MIT
|
||||||
//
|
//
|
||||||
// Consumes:
|
// Consumes:
|
||||||
|
|
|
@ -19,9 +19,9 @@
|
||||||
"name": "MIT",
|
"name": "MIT",
|
||||||
"url": "http://opensource.org/licenses/MIT"
|
"url": "http://opensource.org/licenses/MIT"
|
||||||
},
|
},
|
||||||
"version": "{{AppVer}}"
|
"version": "{{AppVer | JSEscape | Safe}}"
|
||||||
},
|
},
|
||||||
"basePath": "{{AppSubUrl}}/api/v1",
|
"basePath": "{{AppSubUrl | JSEscape | Safe}}/api/v1",
|
||||||
"paths": {
|
"paths": {
|
||||||
"/admin/cron": {
|
"/admin/cron": {
|
||||||
"get": {
|
"get": {
|
||||||
|
|
Loading…
Reference in a new issue