* Prevent incorrect HTML escaping in swagger.json Fix #14706 Signed-off-by: Andrew Thornton <art27@cantab.net> * oops add it to the helper Signed-off-by: Andrew Thornton <art27@cantab.net> * try again Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>tags/v1.15.0-dev
@@ -127,8 +127,8 @@ GO_SOURCES_OWN := $(filter-out vendor/% %/bindata.go, $(GO_SOURCES)) | |||
#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger | |||
SWAGGER := $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger | |||
SWAGGER_SPEC := templates/swagger/v1_json.tmpl | |||
SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g | |||
SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g | |||
SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g | |||
SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g | |||
SWAGGER_EXCLUDE := code.gitea.io/sdk | |||
SWAGGER_NEWLINE_COMMAND := -e '$$a\' | |||
@@ -92,6 +92,7 @@ func NewFuncMap() []template.FuncMap { | |||
}, | |||
"Safe": Safe, | |||
"SafeJS": SafeJS, | |||
"JSEscape": JSEscape, | |||
"Str2html": Str2html, | |||
"TimeSince": timeutil.TimeSince, | |||
"TimeSinceUnix": timeutil.TimeSinceUnix, | |||
@@ -629,6 +630,11 @@ func Escape(raw string) string { | |||
return html.EscapeString(raw) | |||
} | |||
// JSEscape escapes a JS string | |||
func JSEscape(raw string) string { | |||
return template.JSEscapeString(raw) | |||
} | |||
// List traversings the list | |||
func List(l *list.List) chan interface{} { | |||
e := l.Front() |
@@ -9,7 +9,7 @@ | |||
// | |||
// Schemes: http, https | |||
// BasePath: /api/v1 | |||
// Version: {{AppVer}} | |||
// Version: {{AppVer | JSEscape | Safe}} | |||
// License: MIT http://opensource.org/licenses/MIT | |||
// | |||
// Consumes: |
@@ -19,9 +19,9 @@ | |||
"name": "MIT", | |||
"url": "http://opensource.org/licenses/MIT" | |||
}, | |||
"version": "{{AppVer}}" | |||
"version": "{{AppVer | JSEscape | Safe}}" | |||
}, | |||
"basePath": "{{AppSubUrl}}/api/v1", | |||
"basePath": "{{AppSubUrl | JSEscape | Safe}}/api/v1", | |||
"paths": { | |||
"/admin/cron": { | |||
"get": { |