properly escaping HTML in raw text mode, fixes #358

El RIDO 2018-09-02 09:14:36 +02:00
parent fe7fa09ce8
commit 8b71cb0b2f
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
3 changed files with 3 additions and 3 deletions


@ -2894,7 +2894,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
for (var i = 0; i < $head.length; i++) {
newDoc.write($head[i].outerHTML);
}
newDoc.write('</head><body><pre>' + DOMPurify.sanitize(paste) + '</pre></body></html>');
newDoc.write('</head><body><pre>' + DOMPurify.sanitize($('<div />').text(paste).html()) + '</pre></body></html>');
newDoc.close();
}
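Review bot: The new `newDoc.write` line is safe only because the encoded paste lands in element content inside `<pre>`: `$('<div />').text(paste).html()` encodes `&`, `<` and `>` but leaves quotes alone, so the same expression would not be a sufficient escape inside an attribute value, and nothing on the line records that. I would add a comment above it such as `// raw view: entity-encode the paste so markup is displayed, not parsed; valid for element content only`. `DOMPurify.sanitize` now runs on already-encoded text, so it acts as defence in depth rather than as the escape itself; saying so in the same comment keeps it from being removed later as redundant or mistaken for the primary control. The enclosing function starts before the hunk, and no test is visible in this section, so a regression test that opens a paste containing markup in raw mode and asserts it is shown literally would pin the fix for #358.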