Skip to content

v2.1.1

Latest

Choose a tag to compare

@Moltivie Moltivie released this 27 Feb 19:50

v2.1.x

Improvements and fixes: XSS hardening, plugin options in render hooks, per-route plugins, and better error handling.


What's new in v2.1

Security
Title, spec URL, nonce, and ReDoc options are now escaped before being injected into the HTML. User-controlled values can no longer break out of attributes or script context, which prevents XSS when titles, URLs, or options come from untrusted input.

Plugins

  • Render hooks (beforeRender, afterRender) receive the current redoc options, so plugins like the cache can key by options and store separate HTML per configuration.
  • The global plugin registry was removed. Plugins are configured only via the plugins option when creating the middleware, so each route can have its own set of plugins.

Error handling
createOnErrorMiddleware is now exported. You can attach a single error middleware after your ReDoc route and have plugin onError hooks run when something goes wrong.

Documentation
README examples were updated (TypeScript label, error-middleware snippet) for clarity.

Stability
ReDoc version remains locked to avoid unexpected breaking changes.


Installation

npm install redoc-express-maintained