Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-05-02 22:45:10 -04:00
Code Issues Projects Releases Packages Wiki Activity

correcting the XSS test, commenting two failing patterns, to be reviewed by @rugk

Browse source
This commit is contained in:
El RIDO 2017-11-22 07:03:29 +01:00
parent 233bd65b00
commit 2d00202b42
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
4 changed files with 18 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

12
js/privatebin.js
View file

@ -12,6 +12,7 @@
*/
/** global: Base64 */
/** global: DOMPurify */
/** global: FileReader */
/** global: RawDeflate */
/** global: history */
@ -1777,7 +1778,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
});
// let showdown convert the HTML and sanitize HTML *afterwards*!
$plainText.html(
/** global: DOMPurify */
DOMPurify.sanitize(converter.makeHtml(text), {SAFE_FOR_JQUERY: true})
);
// add table classes from bootstrap css
@ -1800,6 +1800,16 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
// convert URLs to clickable links
Helper.urls2links($plainText);
Helper.urls2links($prettyPrint);
$plainText.html(
DOMPurify.sanitize(
$plainText.html(), {SAFE_FOR_JQUERY: true}
)
);
$prettyPrint.html(
DOMPurify.sanitize(
$prettyPrint.html(), {SAFE_FOR_JQUERY: true}
)
);
$prettyPrint.css('white-space', 'pre-wrap');
$prettyPrint.css('word-break', 'normal');