
Prevent incorrect HTML escaping in swagger.json (#14957)

* Prevent incorrect HTML escaping in swagger.json

Fix #14706

Signed-off-by: Andrew Thornton <art27@cantab.net>

* oops add it to the helper

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try again

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
mj-v1.14.3
zeripath 1 year ago
committed by GitHub
parent
commit
91ee3be588
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 4
      Makefile
  2. 6
      modules/templates/helper.go
  3. 2
      routers/api/v1/api.go
  4. 4
      templates/swagger/v1_json.tmpl

4
Makefile

@ -127,8 +127,8 @@ GO_SOURCES_OWN := $(filter-out vendor/% %/bindata.go, $(GO_SOURCES))
#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger
SWAGGER := $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger
SWAGGER_SPEC := templates/swagger/v1_json.tmpl
SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g
SWAGGER_EXCLUDE := code.gitea.io/sdk
SWAGGER_NEWLINE_COMMAND := -e '$$a\'
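Review bot: The two changed `SWAGGER_SPEC_S_*` expressions depend on `\|` being read as a literal pipe, because `|` is also the delimiter of the `s` command (these look like sed scripts), and nothing near them says so; a reader can easily take it for alternation. A comment above the pair would help, for example `# "\|" is a literal pipe here (| is the s-command delimiter); the pipeline text must match templates/swagger/v1_json.tmpl exactly`. Switching to a delimiter that does not occur in the pattern would remove the escaping altogether.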

6
modules/templates/helper.go

@ -92,6 +92,7 @@ func NewFuncMap() []template.FuncMap {
},
"Safe": Safe,
"SafeJS": SafeJS,
"JSEscape": JSEscape,
"Str2html": Str2html,
"TimeSince": timeutil.TimeSince,
"TimeSinceUnix": timeutil.TimeSinceUnix,
@ -629,6 +630,11 @@ func Escape(raw string) string {
return html.EscapeString(raw)
}
// JSEscape escapes a JS string
func JSEscape(raw string) string {
return template.JSEscapeString(raw)
}
// List traversings the list
func List(l *list.List) chan interface{} {
e := l.Front()
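Review bot: `JSEscape` in the second hunk wraps `template.JSEscapeString`, which emits JavaScript string escapes rather than JSON ones, yet this commit uses it inside JSON string values in the swagger template. An apostrophe in the input comes out as `\'`, which is not a legal JSON escape, and since every call site pipes the result through `Safe` (presumably marking it as trusted output), this helper is the only escaping those values receive. A JSON-specific helper would fit better, e.g. `b, _ := json.Marshal(raw)` then `return string(b[1 : len(b)-1])`, assuming `encoding/json` is or can be imported in this file. If `JSEscape` stays as is, its doc comment should state the limits: `// JSEscape escapes raw for use inside a quoted JavaScript string literal; the output is not guaranteed to be valid JSON and is not safe in HTML markup or attributes.` That matters because the first hunk registers it in the shared FuncMap, where any template can combine it with `Safe`.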

2
routers/api/v1/api.go

@ -9,7 +9,7 @@
//
// Schemes: http, https
// BasePath: /api/v1
// Version: {{AppVer}}
// Version: {{AppVer | JSEscape | Safe}}
// License: MIT http://opensource.org/licenses/MIT
//
// Consumes:

4
templates/swagger/v1_json.tmpl

@ -19,9 +19,9 @@
"name": "MIT",
"url": "http://opensource.org/licenses/MIT"
},
"version": "{{AppVer}}"
"version": "{{AppVer | JSEscape | Safe}}"
},
"basePath": "{{AppSubUrl}}/api/v1",
"basePath": "{{AppSubUrl | JSEscape | Safe}}/api/v1",
"paths": {
"/admin/cron": {
"get": {
