github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove url query param that is leading to XSS issue

pull/6/head
nikhiljindal 2016-03-18 17:35:29 -07:00
parent b5fa14609e
commit 532398afb3
3 changed files with 5 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/ui/data/swagger/datafile.go
View File

@ -2679,12 +2679,7 @@ var _third_party_swagger_ui_index_html = []byte(`<!DOCTYPE html>
<script src='lib/swagger-oauth.js' type='text/javascript'></script>
<script type="text/javascript">
$(function () {
var url = window.location.search.match(/url=([^&]+)/);
if (url && url.length > 1) {
url = decodeURIComponent(url[1]);
} else {
url = "../../swaggerapi";
}
var url = "../../swaggerapi";
window.swaggerUi = new SwaggerUi({
url: url,
dom_id: "swagger-ui-container",
@ -2763,7 +2758,7 @@ func third_party_swagger_ui_index_html() (*asset, error) {
return nil, err
}
info := bindata_file_info{name: "third_party/swagger-ui/index.html", size: 3720, mode: os.FileMode(416), modTime: time.Unix(1458251987, 0)}
info := bindata_file_info{name: "third_party/swagger-ui/index.html", size: 3561, mode: os.FileMode(416), modTime: time.Unix(1458347707, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}

2
third_party/swagger-ui/README.md vendored
View File

@ -17,6 +17,8 @@ https://github.com/swagger-api/swagger-ui#how-to-use-it
https://github.com/swagger-api/swagger-ui#how-to-use-it
- Modified swagger-ui.js to list resources and operations in sorted order: https://github.com/kubernetes/kubernetes/pull/3421
- Set supportedSubmitMethods: [] in index.html to remove "Try it out" buttons.
- Remove the url query param to fix XSS issue:
https://github.com/kubernetes/kubernetes/pull/23234
LICENSE file has been created for compliance purposes.
Not included in original distribution.

7
third_party/swagger-ui/index.html vendored
View File

@ -24,12 +24,7 @@
<script src='lib/swagger-oauth.js' type='text/javascript'></script>
<script type="text/javascript">
$(function () {
var url = window.location.search.match(/url=([^&]+)/);
if (url && url.length > 1) {
url = decodeURIComponent(url[1]);
} else {
url = "../../swaggerapi";
}
var url = "../../swaggerapi";
window.swaggerUi = new SwaggerUi({
url: url,
dom_id: "swagger-ui-container",