jdorn / json-editor

JSON Schema Based Editor
MIT License

Error loading certain schemas: matches is null #464

Open EricWittmann opened 9 years ago

EricWittmann commented 9 years ago

We are using json-editor in our project called apiman. For some schemas (not all) we have started seeing an error when compiling/loading the schema. We have some schemas that work and some that hit this problem. The problem was introduced in 0.7.19 I believe, and it still seems to be a problem as of 0.7.21.

Here is the stack:

"Error: matches is null
JSONEditor.defaults.templates.default/<.compile@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:6819:11
JSONEditor.prototype.compileTemplate@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:466:5
JSONEditor.AbstractEditor<.getLink@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:1521:9
JSONEditor.AbstractEditor<.addLinks@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:1478:11
JSONEditor.AbstractEditor<.postBuild@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:1413:5
JSONEditor.defaults.editors.select<.postBuild@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:4912:5
Class.extend/prototype[name]</<@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:52:17
JSONEditor.defaults.editors.object<.build/<@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:2653:9
$each@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:212:1
JSONEditor.defaults.editors.object<.build@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:2647:7
JSONEditor.defaults.editors.object<.build/<@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:2652:9
$each@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:212:1
JSONEditor.defaults.editors.object<.build@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:2647:7
JSONEditor.prototype.init/<@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:279:7
JSONEditor.prototype._loadExternalRefs@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:631:7
JSONEditor.prototype.init@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:265:5
JSONEditor@http://localhost:8080/libs/json-editor/dist/jsoneditor.js?cid=2015-07-14_17:32:238:3

Here is the schema that causes this problem:

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "title": "HTTP Security Headers Configuration",
  "type": "object",
  "properties": {
    "hsts": {
      "title": "HTTP Strict Transport Security",
      "description": "Enforce transport security when using HTTP to mitigate a range of common web vulnerabilities.",
      "type": "object",
      "properties": {
        "enabled": {
          "title": "Enable HTTP Strict Transport (HSTS)",
          "type": "boolean",
          "default": false
        },
        "includeSubdomains": {
          "title": "Include Subdomains",
          "type": "boolean",
          "default": false
        },
        "maxAge": {
          "title": "Maximum Age",
          "description": "Delta seconds user agents should cache HSTS status for.",
          "default": 0,
          "type": "integer"
        },
        "preload": {
          "title": "Enable HSTS Preload Flag",
          "description": "Flag to verify HSTS preload status. Popular browsers contain a hard-coded (pinned) list of domains and certificates, which they always connect securely with. This mitigates a wide range of identity and MIITM attacks, and is particularly useful for high-profile domains. Users must submit a request for their domain to be included in the scheme.",
          "type": "boolean",
          "default": false,
          "links": [
            {
              "href": "https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security",
              "rel": "Mozilla Dev: HTTP Strict-Transport-Security guide"
            },
            {
              "href": "https://hstspreload.appspot.com/",
              "rel": "Chromium: HSTS preload submission guidelines"
            }
          ]
        }
      }
    },
    "contentSecurityPolicy": {
      "title": "Content Security Policy",
      "description": "A sophisticated mechanism to precisely define the types and sources of content that may be loaded, with violation reporting and the ability to restrict the availability and scope of many security-sensitive features.",
      "type": "object",
      "properties": {
        "mode": {
          "title": "CSP Mode",
          "type": "string",
          "default": "DISABLED",
          "enum": [
            "ENABLED",
            "REPORT_ONLY",
            "DISABLED"
          ]
        },
        "csp": {
          "title": "Content Security Policy Definition",
          "description": "Valid CSP definition must be provided.",
          "type": "string",
          "format": "textarea",
          "links": [
            {
              "href": "https://developer.mozilla.org/en-US/docs/Web/Security/CSP",
              "rel": "Mozilla Dev: Content-Security-Policy (CSP) guide"
            }
          ]
        }
      }
    },
    "frameOptions": {
      "title": "Frame Options",
      "description": "Defines if, or how, a resource should be displayed in a frame, iframe or object.",
      "type": "string",
      "default": "DISABLED",
      "enum": [
        "DENY",
        "SAMEORIGIN",
        "DISABLED"
      ],
      "links": [
        {
          "href": "https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options",
          "rel": "Mozilla Dev: X-Frame-Options guide"
        }
      ]
    },
    "xssProtection": {
      "title": "XSS Protection",
      "description": "Enable or disable XSS filtering in the UA.",
      "type": "string",
      "default": "DISABLED",
      "enum": [
        "OFF",
        "ON",
        "BLOCK",
        "DISABLED"
      ],
      "links": [
        {
          "href": "http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx",
          "rel": "MSDN: X-XSS-Protection guide"
        }
      ]
    },
    "contentTypeOptions": {
      "title": "Content Type Options",
      "description": "X-Content-Type-Options: Prevent MIME-sniffing to any type other than the declared Content-Type.",
      "type": "boolean",
      "default": false,
      "links": [
        {
          "href": "http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx",
          "rel": "MSDN: X-Content-Type-Options guide"
        }
      ]
    }
  }
}

rob3c commented 9 years ago

Hi Eric,

Speaking of apiman, I just ran into this error while trying to get it going with the keycloak oauth plugin!

A simple fix for json-editor v0.7.21 is to change line 6832 of jsoneditor.js from:

var l = matches.length;

to

var l = matches && matches.length;

in order to eliminate a bad reference when matches is null. I'll try to put a quick PR together for it.

Cheers, Robert
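
The guard proposed in the comment above, shown on a minimal `{{name}}` template compiler. This is an added example, not part of the thread and not json-editor's source: the `PLACEHOLDER` regex, every function name and the sample schema are assumptions. It also lists which `links[].href` values in a schema contain no placeholder and therefore reach the null branch.

```javascript
// Added example. PLACEHOLDER and all function names are assumptions, not json-editor's source.
const PLACEHOLDER = /\{\{\s*([\w\-. ]+)\s*\}\}/g;

// Substitute each matched placeholder with the corresponding value from vars.
function render(template, matches, vars) {
  let out = template;
  for (const m of matches) {
    const name = m.replace(/^\{\{\s*|\s*\}\}$/g, "");
    out = out.replace(m, () => (vars[name] === undefined ? "" : String(vars[name])));
  }
  return out;
}

// Unguarded: match() with a /g regex returns null, not [], when nothing matches,
// so a template without placeholders throws on .length.
function compileUnguarded(template) {
  const matches = template.match(PLACEHOLDER);
  const l = matches.length; // TypeError when matches is null
  return (vars) => (l ? render(template, matches, vars) : template);
}

// Guarded, using the one-line change proposed in the comment above.
function compileGuarded(template) {
  const matches = template.match(PLACEHOLDER);
  const l = matches && matches.length;
  if (!l) return () => template; // static template: nothing to substitute
  return (vars) => render(template, matches, vars);
}

// Walk a schema and collect every links[].href without a placeholder,
// i.e. the values that take the null branch.
function findStaticLinkHrefs(schema, found = []) {
  for (const link of schema.links || []) {
    if (typeof link.href === "string" && link.href.match(PLACEHOLDER) === null) found.push(link.href);
  }
  for (const child of Object.values(schema.properties || {})) findStaticLinkHrefs(child, found);
  return found;
}

// Constructed sample: one href copied from the schema in the issue, one templated href.
const staticHref = "https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options";
const sample = {
  properties: {
    frameOptions: { links: [{ href: staticHref }] },
    doc: { links: [{ href: "/docs/{{self}}" }] },
  },
};
console.log(findStaticLinkHrefs(sample));
console.log(compileGuarded(staticHref)(), compileGuarded("/docs/{{ self }}")({ self: "csp" }));
```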

EricWittmann commented 9 years ago

Ah nice - that's exactly the error. We fixed the problem in apiman by reverting to an older version of json-editor, but getting a fix is obviously way better! :)

msavy commented 9 years ago

@rob3c which version of apiman were you seeing this issue on? Not the very latest release? If you're still seeing it on the latest release, feel free to come and ping us on https://github.com/apiman/apiman

rob3c commented 9 years ago

@msavy I'm using the 1.1.4.Final apiman/keycloak docker container (with the keycloak oauth plugin at the same version), which I believe is the latest containerized version available. I only see this issue in the configuration screen for the oauth plugin. As a workaround on my Windows dev box, I'm using Fiddler's AutoResponder to serve my fixed version instead since that docker container uses jsoneditor v0.7.21.