You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
I've come across this security issue with flasgger.
Swagger interface allows the injection of JavaScript code, which can be injected using the remote Swagger configUrl and url. As a result, someone could execute arbitrary JavaScript code in the context of the domain that hosts the swagger file.
Hello,
I've come across this security issue with flasgger.
Swagger interface allows the injection of JavaScript code, which can be injected using the remote Swagger configUrl and url. As a result, someone could execute arbitrary JavaScript code in the context of the domain that hosts the swagger file.
Examples:
I've tried to remove the query parameters and to reset the values for
queryConfig
from flasgger\ui3\static\swagger-ui-bundle.js.mapbut did not help.
How can I remove completely query parameters from swagger?
The text was updated successfully, but these errors were encountered: