diff --git a/js/privatebin.js b/js/privatebin.js
index e76bf98c..d2b85448 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -2422,52 +2422,54 @@ jQuery.PrivateBin = (function($, RawDeflate) {
return;
}
- // escape HTML entities, link URLs, sanitize
- const escapedLinkedText = Helper.urls2links(text),
- sanitizedLinkedText = DOMPurify.sanitize(
- escapedLinkedText, {
- ALLOWED_TAGS: ['a'],
- ALLOWED_ATTR: ['href', 'rel']
- }
- );
- $plainText.html(sanitizedLinkedText);
- $prettyPrint.html(sanitizedLinkedText);
+ if (format === 'markdown') {
+ const converter = new showdown.Converter({
+ strikethrough: true,
+ tables: true,
+ tablesHeaderId: true,
+ simplifiedAutoLink: true,
+ excludeTrailingPunctuationFromURLs: true
+ });
+ // let showdown convert the HTML and sanitize HTML *afterwards*!
+ $plainText.html(
+ DOMPurify.sanitize(
+ converter.makeHtml(text)
+ )
+ );
+ // add table classes from bootstrap css
+ $plainText.find('table').addClass('table-condensed table-bordered');
+ } else {
+ // escape HTML entities, link URLs, sanitize
+ const escapedLinkedText = Helper.urls2links(text);
+ let sanitizeLinkedText = '',
+ sanitizerConfiguration = {};
- switch (format) {
- case 'markdown':
- const converter = new showdown.Converter({
- strikethrough: true,
- tables: true,
- tablesHeaderId: true,
- simplifiedAutoLink: true,
- excludeTrailingPunctuationFromURLs: true
- });
- // let showdown convert the HTML and sanitize HTML *afterwards*!
- $plainText.html(
- DOMPurify.sanitize(
- converter.makeHtml(text)
- )
- );
- // add table classes from bootstrap css
- $plainText.find('table').addClass('table-condensed table-bordered');
- break;
- case 'syntaxhighlighting':
+ if (format === 'syntaxhighlighting') {
// yes, this is really needed to initialize the environment
if (typeof prettyPrint === 'function')
{
prettyPrint();
}
- $prettyPrint.html(
- DOMPurify.sanitize(
- prettyPrintOne(escapedLinkedText, null, true)
- )
+ sanitizeLinkedText = prettyPrintOne(
+ escapedLinkedText, null, true
);
- // fall through, as the rest is the same
- default: // = 'plaintext'
- $prettyPrint.css('white-space', 'pre-wrap');
- $prettyPrint.css('word-break', 'normal');
- $prettyPrint.removeClass('prettyprint');
+ } else {
+ // = 'plaintext'
+ sanitizeLinkedText = escapedLinkedText;
+ sanitizerConfiguration = {
+ ALLOWED_TAGS: ['a'],
+ ALLOWED_ATTR: ['href', 'rel']
+ };
+ }
+ $prettyPrint.html(
+ DOMPurify.sanitize(
+ sanitizeLinkedText, sanitizerConfiguration
+ )
+ );
+ $prettyPrint.css('white-space', 'pre-wrap');
+ $prettyPrint.css('word-break', 'normal');
+ $prettyPrint.removeClass('prettyprint');
}
}
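Review bot: In the `syntaxhighlighting` branch `sanitizerConfiguration` stays `{}`, so the output of `prettyPrintOne(...)` goes through DOMPurify's default allowlist, while the plaintext branch is restricted to `a` with `href`/`rel`. Whether `Helper.urls2links(text)` HTML-escapes the paste body, as the comment above it says, is not visible in this hunk. If it does not, any element the default profile permits would be rendered as markup in `$prettyPrint` instead of being shown as source code. Consider an explicit allowlist in that branch limited to what the highlighter emits, for example `sanitizerConfiguration = { ALLOWED_TAGS: ['a', 'span', 'ol', 'li'], ALLOWED_ATTR: ['href', 'rel', 'class'] };` (the exact tag list needs checking against prettify's output). Separately, `sanitizeLinkedText` holds the string before sanitization, so a name such as `unsanitizedHtml` would avoid a later reader treating it as safe; the enclosing function starts and ends outside the hunk.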
diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php
index faaa9779..843dc6a7 100644
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@@ -72,7 +72,7 @@ endif;
?>
-
+
diff --git a/tpl/page.php b/tpl/page.php
index 8dc9c0d9..c976ce2f 100644
--- a/tpl/page.php
+++ b/tpl/page.php
@@ -50,7 +50,7 @@ endif;
?>
-
+