From b41d9f23a53f3f8b3c0f51562c85ddc40403936b Mon Sep 17 00:00:00 2001
From: Kyle Shockey
Date: Wed, 10 Apr 2019 15:55:11 -0700
Subject: [PATCH] fix: refuse to render non-string Markdown field values
---
 src/core/components/providers/markdown.jsx | 4 ++++
 src/core/plugins/oas3/wrap-components/markdown.jsx | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/src/core/components/providers/markdown.jsx b/src/core/components/providers/markdown.jsx
index ee2ddec2e35..69c5cc1d68f 100644
--- a/src/core/components/providers/markdown.jsx
+++ b/src/core/components/providers/markdown.jsx
@@ -19,6 +19,10 @@ DomPurify.addHook("beforeSanitizeElements", function (current, ) {
 const isPlainText = (str) => /^[A-Z\s0-9!?\.]+$/gi.test(str)
 function Markdown({ source, className = "" }) {
+ if (typeof source !== "string") {
+ return null
+ }
+
 if(isPlainText(source)) {
 // If the source text is not Markdown,
 // let's save some time and just render it.
diff --git a/src/core/plugins/oas3/wrap-components/markdown.jsx b/src/core/plugins/oas3/wrap-components/markdown.jsx
index 51c44a05e22..432333e615d 100644
--- a/src/core/plugins/oas3/wrap-components/markdown.jsx
+++ b/src/core/plugins/oas3/wrap-components/markdown.jsx
@@ -10,6 +10,10 @@ parser.block.ruler.enable(["table"])
 parser.set({ linkTarget: "_blank" })
 export const Markdown = ({ source, className = "" }) => {
+ if(typeof source !== "string") {
+ return null
+ }
+
 if ( source ) {
 const html = parser.render(source)
 const sanitized = sanitizer(html)
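Review bot: The guard added at the top of `Markdown` in src/core/components/providers/markdown.jsx carries no comment explaining why non-strings are refused, and the reason is easy to lose in a later cleanup. `isPlainText` relies on `RegExp.prototype.test`, which coerces its argument to a string, so before this check a non-string `source` could satisfy the plain-text test and take the "just render it" branch below; that branch's body lies outside the hunk, so whether it skips the sanitizer is presumed rather than visible here. I would add `// Field values come from the (untrusted) API definition; only strings are valid Markdown, so refuse everything else before isPlainText() coerces it.` above the `if`. Returning `null` silently also hides a malformed definition from its author, so a `console.warn` naming the offending `typeof source` would help diagnosis.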
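Review bot: No test accompanies the new guard in src/core/plugins/oas3/wrap-components/markdown.jsx or its twin in the first hunk (the diffstat lists only the two component files), so nothing stops the check from being dropped in a later refactor. A regression test that passes an object, an array and a number as `source` to both `Markdown` components and asserts that nothing is rendered would pin the behaviour. The two guards are also spelled differently (`if (typeof source` in the first file, `if(typeof source` here); using one form in both places keeps the copies from drifting apart. The `if ( source )` that follows now only filters the empty string, and its body ends outside the hunk.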