separated index.html and index.js to prevent unsafe-inline

Author: rzeijde

swagger.go

@@ -29,6 +29,7 @@ type Config struct {
 	PersistAuthorization     bool
 	Layout                   SwaggerLayout
 	DefaultModelsExpandDepth ModelsExpandDepthType
+	ShowExtensions           bool
 }
 
 // URL presents the url pointing to API definition (normally swagger.json or swagger.yaml).
@@ -141,6 +142,14 @@ func DefaultModelsExpandDepth(defaultModelsExpandDepth ModelsExpandDepthType) fu
 	}
 }
 
+// ShowExtensions controls the display of vendor extension (x-) fields and values for Operations,
+// Parameters, Responses, and Schema.
+func ShowExtensions(showExtensions bool) func(config *Config) {
+	return func(c *Config) {
+		c.ShowExtensions = showExtensions
+	}
+}
+
 func newConfig(configFns ...func(*Config)) *Config {
 	config := Config{
 		URL:                      "doc.json",
@@ -151,6 +160,7 @@ func newConfig(configFns ...func(*Config)) *Config {
 		PersistAuthorization:     false,
 		Layout:                   StandaloneLayout,
 		DefaultModelsExpandDepth: ShowModel,
+		ShowExtensions:           false,
 	}
 
 	for _, fn := range configFns {
@@ -256,7 +266,8 @@ window.onload = function() {
     {{$k}}: {{$v}},
     {{- end}}
     layout: "{{$.Layout}}",
-    defaultModelsExpandDepth: {{.DefaultModelsExpandDepth}}
+    defaultModelsExpandDepth: {{.DefaultModelsExpandDepth}},
+    showExtensions: {{.ShowExtensions}}
   })
 
   window.ui = ui

swagger_test.go

@@ -300,83 +300,6 @@ func TestUIConfigOptions(t *testing.T) {
 		exp  string
 	}
 
-	hdr := `
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <title>Swagger UI</title>
-  <link rel="stylesheet" type="text/css" href="./swagger-ui.css" >
-  <link rel="icon" type="image/png" href="./favicon-32x32.png" sizes="32x32" />
-  <link rel="icon" type="image/png" href="./favicon-16x16.png" sizes="16x16" />
-  <style>
-    html
-    {
-        box-sizing: border-box;
-        overflow: -moz-scrollbars-vertical;
-        overflow-y: scroll;
-    }
-    *,
-    *:before,
-    *:after
-    {
-        box-sizing: inherit;
-    }
-
-    body {
-      margin:0;
-      background: #fafafa;
-    }
-  </style>
-</head>
-
-<body>
-
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" style="position:absolute;width:0;height:0">
-  <defs>
-    <symbol viewBox="0 0 20 20" id="unlocked">
-      <path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V6h2v-.801C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8z"></path>
-    </symbol>
-
-    <symbol viewBox="0 0 20 20" id="locked">
-      <path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8zM12 8H8V5.199C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8z"/>
-    </symbol>
-
-    <symbol viewBox="0 0 20 20" id="close">
-      <path d="M14.348 14.849c-.469.469-1.229.469-1.697 0L10 11.819l-2.651 3.029c-.469.469-1.229.469-1.697 0-.469-.469-.469-1.229 0-1.697l2.758-3.15-2.759-3.152c-.469-.469-.469-1.228 0-1.697.469-.469 1.228-.469 1.697 0L10 8.183l2.651-3.031c.469-.469 1.228-.469 1.697 0 .469.469.469 1.229 0 1.697l-2.758 3.152 2.758 3.15c.469.469.469 1.229 0 1.698z"/>
-    </symbol>
-
-    <symbol viewBox="0 0 20 20" id="large-arrow">
-      <path d="M13.25 10L6.109 2.58c-.268-.27-.268-.707 0-.979.268-.27.701-.27.969 0l7.83 7.908c.268.271.268.709 0 .979l-7.83 7.908c-.268.271-.701.27-.969 0-.268-.269-.268-.707 0-.979L13.25 10z"/>
-    </symbol>
-
-    <symbol viewBox="0 0 20 20" id="large-arrow-down">
-      <path d="M17.418 6.109c.272-.268.709-.268.979 0s.271.701 0 .969l-7.908 7.83c-.27.268-.707.268-.979 0l-7.908-7.83c-.27-.268-.27-.701 0-.969.271-.268.709-.268.979 0L10 13.25l7.418-7.141z"/>
-    </symbol>
-
-    <symbol viewBox="0 0 24 24" id="jump-to">
-      <path d="M19 7v4H5.83l3.58-3.59L8 6l-6 6 6 6 1.41-1.41L5.83 13H21V7z"/>
-    </symbol>
-
-    <symbol viewBox="0 0 24 24" id="expand">
-      <path d="M10 18h4v-2h-4v2zM3 6v2h18V6H3zm3 7h12v-2H6v2z"/>
-    </symbol>
-  </defs>
-</svg>
-
-<div id="swagger-ui"></div>
-
-<script src="./swagger-ui-bundle.js"> </script>
-<script src="./swagger-ui-standalone-preset.js"> </script>
-<script>
-`
-	ftr := `
-</script>
-</body>
-
-</html>
-`
-
 	fixtures := []fixture{
 		{
 			desc: "default configuration",
@@ -389,14 +312,15 @@ func TestUIConfigOptions(t *testing.T) {
 				Layout:                   StandaloneLayout,
 				DefaultModelsExpandDepth: ShowModel,
 			},
-			exp: `window.onload = function() {
-  
+			exp: `
+window.onload = function() {
+  // Build a system
   const ui = SwaggerUIBundle({
     url: "doc.json",
-    deepLinking:  true ,
+    deepLinking: true,
     docExpansion: "list",
     dom_id: "#swagger-ui",
-    persistAuthorization:  false ,
+    persistAuthorization: false,
     validatorUrl: null,
     presets: [
       SwaggerUIBundle.presets.apis,
@@ -406,11 +330,13 @@ func TestUIConfigOptions(t *testing.T) {
       SwaggerUIBundle.plugins.DownloadUrl
     ],
     layout: "StandaloneLayout",
-    defaultModelsExpandDepth:  1 
+    defaultModelsExpandDepth: 1,
+    showExtensions: false
   })
 
   window.ui = ui
-}`,
+}
+`,
 		},
 		{
 			desc: "script configuration",
@@ -440,18 +366,19 @@ func TestUIConfigOptions(t *testing.T) {
 				},
 				DefaultModelsExpandDepth: HideModel,
 			},
-			exp: `window.onload = function() {
-  const SomePlugin = (system) => ({
+			exp: `
+window.onload = function() {
+  const SomePlugin = (system) =&gt; ({
     // Some plugin
   });
 
-  
+  // Build a system
   const ui = SwaggerUIBundle({
     url: "swagger.json",
-    deepLinking:  false ,
+    deepLinking: false,
     docExpansion: "none",
     dom_id: "#swagger-ui-id",
-    persistAuthorization:  true ,
+    persistAuthorization: true,
     validatorUrl: null,
     presets: [
       SwaggerUIBundle.presets.apis,
@@ -462,36 +389,38 @@ func TestUIConfigOptions(t *testing.T) {
       SomePlugin,
       AnotherPlugin
     ],
-    defaultModelRendering: "model",
-    onComplete: () => { window.ui.setBasePath('v3'); },
+    defaultModelRendering: &#34;model&#34;,
+    onComplete: () =&gt; { window.ui.setBasePath(&#39;v3&#39;); },
     showExtensions: true,
     layout: "StandaloneLayout",
-    defaultModelsExpandDepth:  -1 
+    defaultModelsExpandDepth: -1,
+    showExtensions: false
   })
 
   window.ui = ui
   const someOtherCode = function(){
     // Do something
   };
   someOtherCode();
-}`,
+}
+`,
 		},
 	}
 
 	for _, fix := range fixtures {
 		t.Run(fix.desc, func(t *testing.T) {
-			tmpl := template.New("swagger_index.html")
-			index, err := tmpl.Parse(indexTempl)
+			tmpl := template.New("swagger_index.js")
+			indexJs, err := tmpl.Parse(indexJsTempl)
 			if err != nil {
 				t.Fatal(err)
 			}
 
 			buf := bytes.NewBuffer(nil)
-			if err := index.Execute(buf, fix.cfg); err != nil {
+			if err := indexJs.Execute(buf, fix.cfg); err != nil {
 				t.Fatal(err)
 			}
 
-			exp := hdr + fix.exp + ftr
+			exp := fix.exp
 
 			// Compare line by line
 			explns := strings.Split(exp, "\n")
@@ -559,3 +488,16 @@ func TestDefaultModelsExpandDepth(t *testing.T) {
 	DefaultModelsExpandDepth(ShowModel)(cfg)
 	assert.Equal(t, ShowModel, cfg.DefaultModelsExpandDepth)
 }
+
+func TestShowExtensions(t *testing.T) {
+	var cfg *Config
+
+	cfg = newConfig()
+	assert.False(t, cfg.ShowExtensions)
+
+	cfg = newConfig(ShowExtensions(true))
+	assert.True(t, cfg.ShowExtensions)
+
+	cfg = newConfig(ShowExtensions(false))
+	assert.False(t, cfg.ShowExtensions)
+}