For #531. Escape HTML when serializing swagger to string (#532)

levimatheri · Levi Muriuki · web-flow · commit 0f129dca32d3 · 2021-06-28T15:41:54.000-07:00
Co-authored-by: Levi Muriuki &lt;muriukilm@upmc.edu&gt;
diff --git a/src/APIM_ARMTemplate/apimtemplate/Creator/Utilities/OpenApi.cs b/src/APIM_ARMTemplate/apimtemplate/Creator/Utilities/OpenApi.cs
@@ -52,7 +52,8 @@ public string GetDefinition()
             }
             else
             {
-                return JsonConvert.SerializeObject(definition_);
+                // include StringEscaping to ensure single quotes are escaped
+                return JsonConvert.SerializeObject(definition_, settings: new JsonSerializerSettings { StringEscapeHandling = StringEscapeHandling.EscapeHtml});
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,8 @@ public string GetDefinition()`
`52`	`52`	`}`
`53`	`53`	`else`
`54`	`54`	`{`
`55`		`- return JsonConvert.SerializeObject(definition_);`
	`55`	`+ // include StringEscaping to ensure single quotes are escaped`
	`56`	`+ return JsonConvert.SerializeObject(definition_, settings: new JsonSerializerSettings { StringEscapeHandling = StringEscapeHandling.EscapeHtml});`
`56`	`57`	`}`
`57`	`58`	`}`
`58`	`59`