Skip to content

feat(topbar): sanitize importUrl input #3311

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 26, 2022
Merged

feat(topbar): sanitize importUrl input #3311

merged 1 commit into from
Jul 26, 2022

Conversation

@tim-lai
Copy link
Contributor

@tim-lai tim-lai commented Jul 26, 2022
edited
Loading

Description

  • Add @braintree/sanitize-url@6.x
  • For TopBar's ImportUrl method, sanitize user input of url before making a (axios) fetch request
  • Handle error case if provided url is not a string, or is an empty string.
  • In the event a fetch error occurs, the resulting error message also contains the sanitized url.

Motivation and Context

html safety.

How Has This Been Tested?

local

Screenshots (if appropriate):

Checklist

My PR contains...

  • No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)
  • Improvements (misc. changes to existing features)
  • Features (non-breaking change which adds functionality)

My changes...

  • are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • are not breaking changes.

Documentation

  • My changes do not require a change to the project documentation.
  • My changes require a change to the project documentation.
  • If yes to above: I have updated the documentation accordingly.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • If yes to above: I have added tests to cover my changes.
  • If yes to above: I have taken care to cover edge cases in my tests.
  • All new and existing tests passed.

@tim-lai tim-lai merged commit 8cfd2ac into next Jul 26, 2022
swagger-bot pushed a commit that referenced this pull request Jul 27, 2022
@semantic-release-bot
chore(release): cut the 5.0.0-alpha.13 release
4107c65 
# [5.0.0-alpha.13](v5.0.0-alpha.12...v5.0.0-alpha.13) (2022-07-27)

### Features

* swagger-ui fallback page for oas3.1 ([#3314](#3314)) ([60beb7c](60beb7c))
* **topbar:** load some fixtures as YAML ([#3312](#3312)) ([ed614c5](ed614c5))
* **topbar:** sanitize importUrl input ([#3311](#3311)) ([8cfd2ac](8cfd2ac))
@swagger-bot
Copy link
Contributor

swagger-bot commented Jul 27, 2022

🎉 This PR is included in version 5.0.0-alpha.13 🎉

The release is available on:

Your semantic-release bot 📦🚀

@tim-lai tim-lai deleted the feat/next-sanitize-import-url branch July 29, 2022 21:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

released on @alpha swagger-editor@next

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tim-lai @swagger-bot