cosmos-sdk/client/docs/swagger-ui/index.html

<!-- HTML for static distribution bundle build -->
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8">
    <title>Swagger UI</title>
    <link rel="stylesheet" type="text/css" href="./swagger-ui.css" />
    <link rel="icon" type="image/png" href="./favicon-32x32.png" sizes="32x32" />
    <link rel="icon" type="image/png" href="./favicon-16x16.png" sizes="16x16" />
    <style>
      html
      {
        box-sizing: border-box;
        overflow: -moz-scrollbars-vertical;
        overflow-y: scroll;
      }

      *,
      *:before,
      *:after
      {
        box-sizing: inherit;
      }

      body
      {
        margin:0;
        background: #fafafa;
      }
    </style>
  </head>

  <body>
    <div id="swagger-ui"></div>

    <script src="./swagger-ui-bundle.js" charset="UTF-8"> </script>
    <script src="./swagger-ui-standalone-preset.js" charset="UTF-8"> </script>
    <script>
    window.onload = function() {
      // Begin Swagger UI call region
      const ui = SwaggerUIBundle({
        url: "./swagger.yaml",
        dom_id: '#swagger-ui',
        deepLinking: true,
        queryConfigEnabled: false,
        presets: [
          SwaggerUIBundle.presets.apis,
          SwaggerUIStandalonePreset
        ],
        plugins: [
          SwaggerUIBundle.plugins.DownloadUrl
        ],
        layout: "StandaloneLayout"
      });
      // End Swagger UI call region

      window.ui = ui;
    };
  </script>
  </body>
</html>
Merge PR #4413: Revert swagger removal 2019-05-28 06:46:26 -07:00			`<!-- HTML for static distribution bundle build -->`
			`<!DOCTYPE html>`
			`<html lang="en">`
			`<head>`
			`<meta charset="UTF-8">`
			`<title>Swagger UI</title>`
fix: xss vulnerability in embed swagger-ui (#10593) Solution: - update to recent version: v4.1.0 <!-- The default pull request template is for types feat, fix, or refactor. For other templates, add one of the following parameters to the url: - template=docs.md - template=other.md --> ## Description ### How to reproduce Open following URL, click the `Authorize` button, click the `Authorize` button in the login window, there'll be an alert that shows a successful XSS attack: ``` http://localhost:26654/swagger/?url=https://raw.githubusercontent.com/semsem123s/semsem-template/main/xss1.yaml ``` <!-- Add a description of the changes that this PR introduces and the files that are the most critical to review. --> --- ### Author Checklist All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues. I have... - [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed ### Reviewers Checklist All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items. I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) 2021-12-01 00:29:43 -08:00			`<link rel="stylesheet" type="text/css" href="./swagger-ui.css" />`
			`<link rel="icon" type="image/png" href="./favicon-32x32.png" sizes="32x32" />`
			`<link rel="icon" type="image/png" href="./favicon-16x16.png" sizes="16x16" />`
Merge PR #4413: Revert swagger removal 2019-05-28 06:46:26 -07:00			`<style>`
			`html`
			`{`
			`box-sizing: border-box;`
			`overflow: -moz-scrollbars-vertical;`
			`overflow-y: scroll;`
			`}`

			`*,`
			`*:before,`
			`*:after`
			`{`
			`box-sizing: inherit;`
			`}`

			`body`
			`{`
			`margin:0;`
			`background: #fafafa;`
			`}`
			`</style>`
			`</head>`

			`<body>`
			`<div id="swagger-ui"></div>`

fix: xss vulnerability in embed swagger-ui (#10593) Solution: - update to recent version: v4.1.0 <!-- The default pull request template is for types feat, fix, or refactor. For other templates, add one of the following parameters to the url: - template=docs.md - template=other.md --> ## Description ### How to reproduce Open following URL, click the `Authorize` button, click the `Authorize` button in the login window, there'll be an alert that shows a successful XSS attack: ``` http://localhost:26654/swagger/?url=https://raw.githubusercontent.com/semsem123s/semsem-template/main/xss1.yaml ``` <!-- Add a description of the changes that this PR introduces and the files that are the most critical to review. --> --- ### Author Checklist All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues. I have... - [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed ### Reviewers Checklist All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items. I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) 2021-12-01 00:29:43 -08:00			`<script src="./swagger-ui-bundle.js" charset="UTF-8"> </script>`
			`<script src="./swagger-ui-standalone-preset.js" charset="UTF-8"> </script>`
Merge PR #4413: Revert swagger removal 2019-05-28 06:46:26 -07:00			`<script>`
			`window.onload = function() {`
fix: xss vulnerability in embed swagger-ui (#10593) Solution: - update to recent version: v4.1.0 <!-- The default pull request template is for types feat, fix, or refactor. For other templates, add one of the following parameters to the url: - template=docs.md - template=other.md --> ## Description ### How to reproduce Open following URL, click the `Authorize` button, click the `Authorize` button in the login window, there'll be an alert that shows a successful XSS attack: ``` http://localhost:26654/swagger/?url=https://raw.githubusercontent.com/semsem123s/semsem-template/main/xss1.yaml ``` <!-- Add a description of the changes that this PR introduces and the files that are the most critical to review. --> --- ### Author Checklist All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues. I have... - [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed ### Reviewers Checklist All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items. I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) 2021-12-01 00:29:43 -08:00			`// Begin Swagger UI call region`
Merge PR #4413: Revert swagger removal 2019-05-28 06:46:26 -07:00			`const ui = SwaggerUIBundle({`
			`url: "./swagger.yaml",`
			`dom_id: '#swagger-ui',`
			`deepLinking: true,`
disable url parameter in swagger-ui page (#11202) Closes: #11201 Solution: - update swagger-ui to recent release - add option `queryConfigEnabled: false` 2022-02-16 05:58:36 -08:00			`queryConfigEnabled: false,`
Merge PR #4413: Revert swagger removal 2019-05-28 06:46:26 -07:00			`presets: [`
			`SwaggerUIBundle.presets.apis,`
			`SwaggerUIStandalonePreset`
			`],`
			`plugins: [`
			`SwaggerUIBundle.plugins.DownloadUrl`
			`],`
			`layout: "StandaloneLayout"`
fix: xss vulnerability in embed swagger-ui (#10593) Solution: - update to recent version: v4.1.0 <!-- The default pull request template is for types feat, fix, or refactor. For other templates, add one of the following parameters to the url: - template=docs.md - template=other.md --> ## Description ### How to reproduce Open following URL, click the `Authorize` button, click the `Authorize` button in the login window, there'll be an alert that shows a successful XSS attack: ``` http://localhost:26654/swagger/?url=https://raw.githubusercontent.com/semsem123s/semsem-template/main/xss1.yaml ``` <!-- Add a description of the changes that this PR introduces and the files that are the most critical to review. --> --- ### Author Checklist All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues. I have... - [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed ### Reviewers Checklist All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items. I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) 2021-12-01 00:29:43 -08:00			`});`
			`// End Swagger UI call region`
Merge PR #4413: Revert swagger removal 2019-05-28 06:46:26 -07:00
fix: xss vulnerability in embed swagger-ui (#10593) Solution: - update to recent version: v4.1.0 <!-- The default pull request template is for types feat, fix, or refactor. For other templates, add one of the following parameters to the url: - template=docs.md - template=other.md --> ## Description ### How to reproduce Open following URL, click the `Authorize` button, click the `Authorize` button in the login window, there'll be an alert that shows a successful XSS attack: ``` http://localhost:26654/swagger/?url=https://raw.githubusercontent.com/semsem123s/semsem-template/main/xss1.yaml ``` <!-- Add a description of the changes that this PR introduces and the files that are the most critical to review. --> --- ### Author Checklist All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues. I have... - [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules) - [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed ### Reviewers Checklist All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items. I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) 2021-12-01 00:29:43 -08:00			`window.ui = ui;`
			`};`
Merge PR #4413: Revert swagger removal 2019-05-28 06:46:26 -07:00			`</script>`
			`</body>`
			`</html>`