Browse Source
Prevent incorrect HTML escaping in swagger.json (#14957)
* Prevent incorrect HTML escaping in swagger.json Fix #14706 Signed-off-by: Andrew Thornton <art27@cantab.net> * oops add it to the helper Signed-off-by: Andrew Thornton <art27@cantab.net> * try again Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>tags/v1.15.0-dev
zeripath
3 years ago
4 changed files with 11 additions and 5 deletions
+ 2
- 2
Makefile
View File
| #To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger | #To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger | ||||
| SWAGGER := $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger | SWAGGER := $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger | ||||
| SWAGGER_SPEC := templates/swagger/v1_json.tmpl | SWAGGER_SPEC := templates/swagger/v1_json.tmpl | ||||
| SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g | |||||
| SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g | |||||
| SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g | |||||
| SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g | |||||
| SWAGGER_EXCLUDE := code.gitea.io/sdk | SWAGGER_EXCLUDE := code.gitea.io/sdk | ||||
| SWAGGER_NEWLINE_COMMAND := -e '$$a\' | SWAGGER_NEWLINE_COMMAND := -e '$$a\' | ||||
+ 6
- 0
modules/templates/helper.go
View File
| }, | }, | ||||
| "Safe": Safe, | "Safe": Safe, | ||||
| "SafeJS": SafeJS, | "SafeJS": SafeJS, | ||||
| "JSEscape": JSEscape, | |||||
| "Str2html": Str2html, | "Str2html": Str2html, | ||||
| "TimeSince": timeutil.TimeSince, | "TimeSince": timeutil.TimeSince, | ||||
| "TimeSinceUnix": timeutil.TimeSinceUnix, | "TimeSinceUnix": timeutil.TimeSinceUnix, | ||||
| return html.EscapeString(raw) | return html.EscapeString(raw) | ||||
| } | } | ||||
| // JSEscape escapes a JS string | |||||
| func JSEscape(raw string) string { | |||||
| return template.JSEscapeString(raw) | |||||
| } | |||||
| // List traversings the list | // List traversings the list | ||||
| func List(l *list.List) chan interface{} { | func List(l *list.List) chan interface{} { | ||||
| e := l.Front() | e := l.Front() |
+ 1
- 1
routers/api/v1/api.go
View File
| // | // | ||||
| // Schemes: http, https | // Schemes: http, https | ||||
| // BasePath: /api/v1 | // BasePath: /api/v1 | ||||
| // Version: {{AppVer}} | |||||
| // Version: {{AppVer | JSEscape | Safe}} | |||||
| // License: MIT http://opensource.org/licenses/MIT | // License: MIT http://opensource.org/licenses/MIT | ||||
| // | // | ||||
| // Consumes: | // Consumes: |
+ 2
- 2
templates/swagger/v1_json.tmpl
View File
| "name": "MIT", | "name": "MIT", | ||||
| "url": "http://opensource.org/licenses/MIT" | "url": "http://opensource.org/licenses/MIT" | ||||
| }, | }, | ||||
| "version": "{{AppVer}}" | |||||
| "version": "{{AppVer | JSEscape | Safe}}" | |||||
| }, | }, | ||||
| "basePath": "{{AppSubUrl}}/api/v1", | |||||
| "basePath": "{{AppSubUrl | JSEscape | Safe}}/api/v1", | |||||
| "paths": { | "paths": { | ||||
| "/admin/cron": { | "/admin/cron": { | ||||
| "get": { | "get": { |
Loading…