mirror of
https://github.com/go-gitea/gitea
synced 2024-12-22 13:54:17 +01:00
Prevent incorrect HTML escaping in swagger.json (#14957)
* Prevent incorrect HTML escaping in swagger.json Fix #14706 Signed-off-by: Andrew Thornton <art27@cantab.net> * oops add it to the helper Signed-off-by: Andrew Thornton <art27@cantab.net> * try again Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
parent
df76d9f7ad
commit
91ee3be588
4 changed files with 11 additions and 5 deletions
4
Makefile
4
Makefile
|
@ -127,8 +127,8 @@ GO_SOURCES_OWN := $(filter-out vendor/% %/bindata.go, $(GO_SOURCES))
|
|||
#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger
|
||||
SWAGGER := $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger
|
||||
SWAGGER_SPEC := templates/swagger/v1_json.tmpl
|
||||
SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
|
||||
SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
|
||||
SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
|
||||
SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g
|
||||
SWAGGER_EXCLUDE := code.gitea.io/sdk
|
||||
SWAGGER_NEWLINE_COMMAND := -e '$$a\'
|
||||
|
||||
|
|
|
@ -92,6 +92,7 @@ func NewFuncMap() []template.FuncMap {
|
|||
},
|
||||
"Safe": Safe,
|
||||
"SafeJS": SafeJS,
|
||||
"JSEscape": JSEscape,
|
||||
"Str2html": Str2html,
|
||||
"TimeSince": timeutil.TimeSince,
|
||||
"TimeSinceUnix": timeutil.TimeSinceUnix,
|
||||
|
@ -629,6 +630,11 @@ func Escape(raw string) string {
|
|||
return html.EscapeString(raw)
|
||||
}
|
||||
|
||||
// JSEscape escapes a JS string
|
||||
func JSEscape(raw string) string {
|
||||
return template.JSEscapeString(raw)
|
||||
}
|
||||
|
||||
// List traversings the list
|
||||
func List(l *list.List) chan interface{} {
|
||||
e := l.Front()
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
//
|
||||
// Schemes: http, https
|
||||
// BasePath: /api/v1
|
||||
// Version: {{AppVer}}
|
||||
// Version: {{AppVer | JSEscape | Safe}}
|
||||
// License: MIT http://opensource.org/licenses/MIT
|
||||
//
|
||||
// Consumes:
|
||||
|
|
|
@ -19,9 +19,9 @@
|
|||
"name": "MIT",
|
||||
"url": "http://opensource.org/licenses/MIT"
|
||||
},
|
||||
"version": "{{AppVer}}"
|
||||
"version": "{{AppVer | JSEscape | Safe}}"
|
||||
},
|
||||
"basePath": "{{AppSubUrl}}/api/v1",
|
||||
"basePath": "{{AppSubUrl | JSEscape | Safe}}/api/v1",
|
||||
"paths": {
|
||||
"/admin/cron": {
|
||||
"get": {
|
||||
|
|
Loading…
Reference in a new issue