add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it

El RIDO 2020-02-01 08:46:59 +01:00
parent 428ea2f34e
commit cc0920fc09
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
21 changed files with 47 additions and 38 deletions


@ -38,7 +38,7 @@ describe('I18n', function () {
} else {
messageId = DOMPurify.sanitize(
messageId, {
ALLOWED_TAGS: ['a', 'br', 'i', 'span'],
ALLOWED_TAGS: ['a', 'i', 'span'],
ALLOWED_ATTR: ['href', 'id']
}
);
@ -77,7 +77,7 @@ describe('I18n', function () {
postfix = postfix.replace(/%(s|d)/g, '%%');
const translation = DOMPurify.sanitize(
prefix + $.PrivateBin.Helper.htmlEntities(params[0]) + '<a></a>' + postfix, {
ALLOWED_TAGS: ['a', 'br', 'i', 'span'],
ALLOWED_TAGS: ['a', 'i', 'span'],
ALLOWED_ATTR: ['href', 'id']
}
);
@ -129,7 +129,7 @@ describe('I18n', function () {
postfix = postfix.replace(/%(s|d)/g, '%%').trim();
const translation = DOMPurify.sanitize(
prefix + $.PrivateBin.Helper.htmlEntities(params[0]) + '<a></a>' + postfix, {
ALLOWED_TAGS: ['a', 'br', 'i', 'span'],
ALLOWED_TAGS: ['a', 'i', 'span'],
ALLOWED_ATTR: ['href', 'id']
}
);
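Review bot: The narrowed allow-list `ALLOWED_TAGS: ['a', 'i', 'span']` is repeated as a literal in all three hunks (around lines 38, 77 and 129). As far as these hunks show, each expected value is computed with the test's own copy of the DOMPurify options rather than the options the production code uses, so if the production allow-list were widened again these expectations could drift without a test failing. Consider hoisting the options into one constant in the `describe` block, e.g. `const purifyConfig = {ALLOWED_TAGS: ['a', 'i', 'span'], ALLOWED_ATTR: ['href', 'id']};`. A fixed-input assertion that a message containing `<br/>` comes back without the tag would also pin the removal as a regression test. The enclosing test functions start and end outside the hunks, so any existing coverage of this case is not visible here.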