Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-05-02 14:36:08 -04:00
Code Issues Projects Releases Packages Wiki Activity

simplify logic, adding test cases for all combinations of URLs that are regarded as secure context

Browse source
This commit is contained in:
El RIDO 2019-06-23 10:38:08 +02:00
parent 61fde53de0
commit 40493dfb3a
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
4 changed files with 63 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

19
js/privatebin.js
View file

@ -4545,20 +4545,17 @@ jQuery.PrivateBin = (function($, RawDeflate) {
}
// filter out actually secure connections over HTTP
if (
url.hostname.endsWith('.onion') ||
url.hostname.endsWith('.i2p')
) {
return false;
for (const tld of ['.onion', '.i2p']) {
if (url.hostname.endsWith(tld)) {
return false;
}
}
// whitelist localhost for development
if (
url.hostname === 'localhost' ||
url.hostname === '127.0.0.1' ||
url.hostname === '[::1]'
) {
return false;
for (const hostname of ['localhost', '127.0.0.1', '[::1]']) {
if (url.hostname === hostname) {
return false;
}
}
// totally INSECURE http protocol!