several changes:

- added tests for all 4 cases: output to string or into element vs first param contains link or not
- cleaned up logic - skip HTML entity encoding only if we can ensure insertion to text node / when output to string, we always encode
- DOMPurify sanitizes gopher, ws & wss links, which we previously had tested for
El RIDO 2020-01-18 10:44:35 +01:00
parent fa9d3037ba
commit 685c354d0e
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
6 changed files with 105 additions and 31 deletions


@ -88,7 +88,7 @@ describe('AttachmentViewer', function () {
if (prefix.indexOf('<a') === -1 && postfix.indexOf('<a') === -1) {
result = $.PrivateBin.Helper.htmlEntities(prefix + filename + postfix);
} else {
result = $('<div>').html(prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix).html();
result = prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix;
}
if (filename.length) {
results.push(
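Review bot: The new expectation in the else branch, `result = prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix;`, treats `prefix` and `postfix` as verbatim markup whenever either contains the substring `<a`, and nothing in the test says why only `filename` is encoded there. The `indexOf('<a')` check also matches other tags such as `<abbr` or `<area`, so the unencoded path is wider than "contains a link"; whether the implementation uses the same heuristic cannot be seen from this hunk. I would add a comment above the branch such as `// prefix/postfix carrying a link are caller-supplied markup and expected verbatim; only the untrusted filename is entity-encoded`, and state there which layer is expected to sanitize that markup (presumably DOMPurify, per the commit description). The enclosing test function starts and ends outside the hunk.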