mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-12-25 07:19:31 -05:00
Merge pull request #1464 from PrivateBin/wasm-streaming
WASM streaming / eliminate unsafe-eval
This commit is contained in:
commit
1c7d639546
@ -1,6 +1,7 @@
|
|||||||
# PrivateBin version history
|
# PrivateBin version history
|
||||||
|
|
||||||
## 1.7.6 (not yet released)
|
## 1.7.6 (not yet released)
|
||||||
|
* CHANGED: Switched to WASM streaming and replace unsafe-eval with wasm-unsafe-eval CSP declaration (#1464), requires webserver to have `application/wasm` MIME type configured.
|
||||||
|
|
||||||
## 1.7.5 (2024-11-16)
|
## 1.7.5 (2024-11-16)
|
||||||
* ADDED: Allow non persistent SQL connections, if configured (#1394)
|
* ADDED: Allow non persistent SQL connections, if configured (#1394)
|
||||||
|
@ -101,11 +101,9 @@ languageselection = false
|
|||||||
; they are embedded in pastes. If you wish to allow that, you can adjust the
|
; they are embedded in pastes. If you wish to allow that, you can adjust the
|
||||||
; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
|
; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
|
||||||
; for details.
|
; for details.
|
||||||
; - The 'unsafe-eval' is used in two cases; to check if the browser supports
|
; - The 'wasm-unsafe-eval' is used to enable webassembly support (used for zlib
|
||||||
; async functions and display an error if not and for Chrome to enable
|
; compression). You can remove it if compression doesn't need to be supported.
|
||||||
; webassembly support (used for zlib compression). You can remove it if Chrome
|
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
|
||||||
; doesn't need to be supported and old browsers don't need to be warned.
|
|
||||||
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
|
|
||||||
|
|
||||||
; stay compatible with PrivateBin Alpha 0.19, less secure
|
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||||
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||||
|
13
js/legacy.js
13
js/legacy.js
@ -6,7 +6,6 @@
|
|||||||
* @see {@link https://github.com/PrivateBin/PrivateBin}
|
* @see {@link https://github.com/PrivateBin/PrivateBin}
|
||||||
* @copyright 2012 Sébastien SAUVAGE ({@link http://sebsauvage.net})
|
* @copyright 2012 Sébastien SAUVAGE ({@link http://sebsauvage.net})
|
||||||
* @license {@link https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License}
|
* @license {@link https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License}
|
||||||
* @version 1.3.1
|
|
||||||
* @name Legacy
|
* @name Legacy
|
||||||
* @namespace
|
* @namespace
|
||||||
*/
|
*/
|
||||||
@ -175,18 +174,6 @@
|
|||||||
)) {
|
)) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// async & ES6 support
|
|
||||||
try {
|
|
||||||
eval('async () => {}');
|
|
||||||
} catch (e) {
|
|
||||||
if (e instanceof SyntaxError) {
|
|
||||||
return true;
|
|
||||||
} else {
|
|
||||||
throw e; // throws CSP error
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -23,16 +23,7 @@
|
|||||||
_abort: errno => { console.error(`Error: ${errno}`) },
|
_abort: errno => { console.error(`Error: ${errno}`) },
|
||||||
_grow: () => { },
|
_grow: () => { },
|
||||||
};
|
};
|
||||||
|
const ins = (await WebAssembly.instantiateStreaming(fetch('js/zlib-1.3.1.wasm'), { env })).instance;
|
||||||
let buff;
|
|
||||||
if (typeof fs === 'object') {
|
|
||||||
buff = fs.readFileSync('zlib-1.3.1.wasm');
|
|
||||||
} else {
|
|
||||||
const resp = await fetch('js/zlib-1.3.1.wasm');
|
|
||||||
buff = await resp.arrayBuffer();
|
|
||||||
}
|
|
||||||
const module = await WebAssembly.compile(buff);
|
|
||||||
const ins = await WebAssembly.instantiate(module, { env });
|
|
||||||
|
|
||||||
const srcPtr = ins.exports._malloc(CHUNK_SIZE);
|
const srcPtr = ins.exports._malloc(CHUNK_SIZE);
|
||||||
const dstPtr = ins.exports._malloc(CHUNK_SIZE);
|
const dstPtr = ins.exports._malloc(CHUNK_SIZE);
|
||||||
|
@ -54,7 +54,7 @@ class Configuration
|
|||||||
'qrcode' => true,
|
'qrcode' => true,
|
||||||
'email' => true,
|
'email' => true,
|
||||||
'icon' => 'identicon',
|
'icon' => 'identicon',
|
||||||
'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
|
'cspheader' => 'default-src \'none\'; base-uri \'self\'; form-action \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'wasm-unsafe-eval\'; style-src \'self\'; font-src \'self\'; frame-ancestors \'none\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
|
||||||
'zerobincompatibility' => false,
|
'zerobincompatibility' => false,
|
||||||
'httpwarning' => true,
|
'httpwarning' => true,
|
||||||
'compression' => 'zlib',
|
'compression' => 'zlib',
|
||||||
@ -106,13 +106,13 @@ class Configuration
|
|||||||
'js/dark-mode-switch.js' => 'sha512-CCbdHdeWDbDO7aqFFmhgnvFESzaILHbUYmbhNjTpcjyO/XYdouQ9Pw8W9rpV8oJT1TsK5FbwSHU1oazmnb7BWA==',
|
'js/dark-mode-switch.js' => 'sha512-CCbdHdeWDbDO7aqFFmhgnvFESzaILHbUYmbhNjTpcjyO/XYdouQ9Pw8W9rpV8oJT1TsK5FbwSHU1oazmnb7BWA==',
|
||||||
'js/jquery-3.7.1.js' => 'sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==',
|
'js/jquery-3.7.1.js' => 'sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==',
|
||||||
'js/kjua-0.9.0.js' => 'sha512-CVn7af+vTMBd9RjoS4QM5fpLFEOtBCoB0zPtaqIDC7sF4F8qgUSRFQQpIyEDGsr6yrjbuOLzdf20tkHHmpaqwQ==',
|
'js/kjua-0.9.0.js' => 'sha512-CVn7af+vTMBd9RjoS4QM5fpLFEOtBCoB0zPtaqIDC7sF4F8qgUSRFQQpIyEDGsr6yrjbuOLzdf20tkHHmpaqwQ==',
|
||||||
'js/legacy.js' => 'sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==',
|
'js/legacy.js' => 'sha512-UxW/TOZKon83n6dk/09GsYKIyeO5LeBHokxyIq+r7KFS5KMBeIB/EM7NrkVYIezwZBaovnyNtY2d9tKFicRlXg==',
|
||||||
'js/prettify.js' => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
|
'js/prettify.js' => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
|
||||||
'js/privatebin.js' => 'sha512-JUj/Sbl/bMHlIoIUT1U9e89JU33fDBxCxLSGxwwaeydBFXOBHyfdF7hwSIjgbPxb4d9CO7CSe4meouTIRMy8Vg==',
|
'js/privatebin.js' => 'sha512-JUj/Sbl/bMHlIoIUT1U9e89JU33fDBxCxLSGxwwaeydBFXOBHyfdF7hwSIjgbPxb4d9CO7CSe4meouTIRMy8Vg==',
|
||||||
'js/purify-3.1.7.js' => 'sha512-LegvqULiMtOfboJZw9MpETN/b+xnLRXZI90gG7oIFHW+yAeHmKvRtEUbiMFx2WvUqQoL9XB3gwU+hWXUT0X+8A==',
|
'js/purify-3.1.7.js' => 'sha512-LegvqULiMtOfboJZw9MpETN/b+xnLRXZI90gG7oIFHW+yAeHmKvRtEUbiMFx2WvUqQoL9XB3gwU+hWXUT0X+8A==',
|
||||||
'js/rawinflate-0.3.js' => 'sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==',
|
'js/rawinflate-0.3.js' => 'sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==',
|
||||||
'js/showdown-2.1.0.js' => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
|
'js/showdown-2.1.0.js' => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
|
||||||
'js/zlib-1.3.1.js' => 'sha512-Z90oppVx/mn0DG2k9airjFVQuliELlXLeT3SRiO6MLiUSbhGlAq+UFwmYbG4i9mwW87dkG8fgJPapGwnUq7Osg==',
|
'js/zlib-1.3.1.js' => 'sha512-5bU9IIP4PgBrOKLZvGWJD4kgfQrkTz8Z3Iqeu058mbQzW3mCumOU6M3UVbVZU9rrVoVwaW4cZK8U8h5xjF88eQ==',
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user