mirror of https://github.com/k3s-io/k3s
Remove url query param that is leading to XSS issue
parent
b5fa14609e
commit
532398afb3
|
@ -2679,12 +2679,7 @@ var _third_party_swagger_ui_index_html = []byte(`<!DOCTYPE html>
|
||||||
<script src='lib/swagger-oauth.js' type='text/javascript'></script>
|
<script src='lib/swagger-oauth.js' type='text/javascript'></script>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
$(function () {
|
$(function () {
|
||||||
var url = window.location.search.match(/url=([^&]+)/);
|
var url = "../../swaggerapi";
|
||||||
if (url && url.length > 1) {
|
|
||||||
url = decodeURIComponent(url[1]);
|
|
||||||
} else {
|
|
||||||
url = "../../swaggerapi";
|
|
||||||
}
|
|
||||||
window.swaggerUi = new SwaggerUi({
|
window.swaggerUi = new SwaggerUi({
|
||||||
url: url,
|
url: url,
|
||||||
dom_id: "swagger-ui-container",
|
dom_id: "swagger-ui-container",
|
||||||
|
@ -2763,7 +2758,7 @@ func third_party_swagger_ui_index_html() (*asset, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
info := bindata_file_info{name: "third_party/swagger-ui/index.html", size: 3720, mode: os.FileMode(416), modTime: time.Unix(1458251987, 0)}
|
info := bindata_file_info{name: "third_party/swagger-ui/index.html", size: 3561, mode: os.FileMode(416), modTime: time.Unix(1458347707, 0)}
|
||||||
a := &asset{bytes: bytes, info: info}
|
a := &asset{bytes: bytes, info: info}
|
||||||
return a, nil
|
return a, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,6 +17,8 @@ https://github.com/swagger-api/swagger-ui#how-to-use-it
|
||||||
https://github.com/swagger-api/swagger-ui#how-to-use-it
|
https://github.com/swagger-api/swagger-ui#how-to-use-it
|
||||||
- Modified swagger-ui.js to list resources and operations in sorted order: https://github.com/kubernetes/kubernetes/pull/3421
|
- Modified swagger-ui.js to list resources and operations in sorted order: https://github.com/kubernetes/kubernetes/pull/3421
|
||||||
- Set supportedSubmitMethods: [] in index.html to remove "Try it out" buttons.
|
- Set supportedSubmitMethods: [] in index.html to remove "Try it out" buttons.
|
||||||
|
- Remove the url query param to fix XSS issue:
|
||||||
|
https://github.com/kubernetes/kubernetes/pull/23234
|
||||||
|
|
||||||
LICENSE file has been created for compliance purposes.
|
LICENSE file has been created for compliance purposes.
|
||||||
Not included in original distribution.
|
Not included in original distribution.
|
||||||
|
|
|
@ -24,12 +24,7 @@
|
||||||
<script src='lib/swagger-oauth.js' type='text/javascript'></script>
|
<script src='lib/swagger-oauth.js' type='text/javascript'></script>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
$(function () {
|
$(function () {
|
||||||
var url = window.location.search.match(/url=([^&]+)/);
|
var url = "../../swaggerapi";
|
||||||
if (url && url.length > 1) {
|
|
||||||
url = decodeURIComponent(url[1]);
|
|
||||||
} else {
|
|
||||||
url = "../../swaggerapi";
|
|
||||||
}
|
|
||||||
window.swaggerUi = new SwaggerUi({
|
window.swaggerUi = new SwaggerUi({
|
||||||
url: url,
|
url: url,
|
||||||
dom_id: "swagger-ui-container",
|
dom_id: "swagger-ui-container",
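Review bot: The new `var url = "../../swaggerapi";` line has no comment recording that the spec URL is fixed on purpose, so a later refresh of the vendored swagger-ui index.html could restore the upstream `window.location.search` lookup and reopen the XSS unnoticed. I would add `// Spec URL is fixed on purpose; never derive it from window.location (XSS).` directly above it, since the note added to the third-party notes file in this commit is easy to miss when only index.html is replaced. The same edit appears in the generated bindata hunk, which should stay a regenerated copy rather than a hand edit; a small test asserting that the embedded page contains no `location.search` would catch a regression. The `$(function () {` body continues past the hunk, so whether anything later in the script still reads request parameters cannot be judged from here.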
|
||||||
|
|