Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-05-04 23:44:59 -04:00
Code Issues Projects Releases Packages Wiki Activity

addressing jsverifyRngState 8b8f0d4ec2a67139b5, fixes HTML injection via filename, closes #554

Browse source
This commit is contained in:
El RIDO 2019-12-25 09:14:32 +01:00
parent ddaee6486d
commit 8d0ac336d2
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
5 changed files with 11 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
js/test/AttachmentViewer.js
View file

@ -25,7 +25,7 @@ describe('AttachmentViewer', function () {
mimeType.match(/\/pdf/i)
),
results = [];
prefix = prefix.replace(/%(s|d)/g, '%%');
prefix = prefix.replace(/%(s|d)/g, '%%');
postfix = postfix.replace(/%(s|d)/g, '%%');
$('body').html(
'<div id="attachment" role="alert" class="hidden alert ' +
@ -90,7 +90,7 @@ describe('AttachmentViewer', function () {
results.push(
element.children()[0].href === data &&
element.children()[0].getAttribute('download') === filename &&
element.children()[0].text === prefix + filename + postfix
element.children()[0].text === $('<div />').text(prefix + filename + postfix).html()
);
} else {
results.push(element.children()[0].href === data);