app/assets/javascripts/blob/openapi/index.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

import { SwaggerUIBundle } from 'swagger-ui-dist';
import createFlash from '~/flash';
import { removeParams, updateHistory } from '~/lib/utils/url_utility';
import { __ } from '~/locale';

export default () => {
  const el = document.getElementById('js-openapi-viewer');

  Promise.all([import(/* webpackChunkName: 'openapi' */ 'swagger-ui-dist/swagger-ui.css')])
    .then(() => {
      // Temporary fix to prevent an XSS attack due to "useUnsafeMarkdown"
      // Once we upgrade Swagger to "4.0.0", we can safely remove this as it will be deprecated
      // Follow-up issue: https://gitlab.com/gitlab-org/gitlab/-/issues/339696
      updateHistory({ url: removeParams(['useUnsafeMarkdown']), replace: true });
      SwaggerUIBundle({
        url: el.dataset.endpoint,
        dom_id: '#js-openapi-viewer',
        useUnsafeMarkdown: false,
      });
    })
    .catch((error) => {
      createFlash({
        message: __('Something went wrong while initializing the OpenAPI viewer'),
      });
      throw error;
    });
};