search

swagger-api / swagger-ui

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
https://swagger.io
Apache License 2.0
26.56k stars 8.96k forks source link

UI resolves local references misspelled as '#definitions/...' #3888

Closed hkosova closed 6 years ago

hkosova commented 6 years ago
Q A
Bug or feature request? Bug
Which Swagger/OpenAPI version? 2.0, 3.0
Which Swagger-UI version? 3.x
How did you install Swagger-UI? http://petstore.swagger.io
Which browser & version? Chrome 61
Which operating system? Windows 7

This is related to https://github.com/swagger-api/swagger-editor/issues/1560

Demonstration API definition

See https://github.com/swagger-api/swagger-editor/issues/1560.

Expected Behavior

Misspelled references '#definitions/Pet', '#parameters/foo' etc. (with missing / after the #) should NOT be successfully resolved.

Current Behavior

Misspelled references are successfully resolved and rendered by UI.

Context

According to the JSON Reference syntax and JSON Pointer RFC 6901, local references should be in the format #/foo/bar with / after the #:

A JSON Pointer is a Unicode string (see [RFC4627], Section 3) containing a sequence of zero or more reference tokens, each prefixed by a '/' (%x2F) character. ... A JSON Pointer can be represented in a URI fragment identifier ...

Thus, #definitions/... without / after the # is an error and should NOT be resolved successfully.

shockey commented 6 years ago

Triage

Swagger-Client's $ref plugin is causing this, by being too tolerant in processing JSON Pointers.

I've added a failing test to a branch: https://github.com/shockey/swagger-js/commit/445597b1ead7a711025064f0869b5733a52debf2

We can do any of the following:

webron commented 6 years ago

Should be fixed.