The issue was that I reused an existing module variable.
Now we have (yet another one) temp var for that.
Practically this fixes the "clone paste" button by using the original text.
If special characters were included the source code (HTML-like ones like < and >) is was not rendered.
Fixes https://github.com/PrivateBin/PrivateBin/issues/588
It includes a change in the RegEx for URLs because that was broken when a
& character later followed at any time after a link (even after a newline).
(with a negative lookahead)
Test with https://regex101.com/r/i7bZ73/1
Now the RegEx does not check for _all_ chars after a link, but just for the
one following the link.
(So the lookahead is not * anymore. I guess thsi behaviour was
the expectation when it has been implemented.)
This reverts commit 62365880b4. The unit tests showed that the text2string function completely undid the XSS fix, so it was always unsafe to use it. Also the logic simplifications were smaller then expected.
- added tests for all 4 cases: output to string or into element vs first param contains link or not
- cleaned up logic - skip HTML entity encoding only if we can ensure insertion to text node / when output to string, we always encode
- DOMpurify sanitizes gopher, ws & wss links, which we previosly had tested for
Tested configurations:
- browser with WASM support (Firefox 68.0.2)
- creates paste with zlib compression, no password
- creates paste with zlib compression, with password
- reads paste with zlib compression, no password
- reads paste with zlib compression, with password + retry button works
- reads paste without compression, no password
- reads paste without compression, with password + retry button works
- browser without WASM support (Chromium 76.0.3809.100, started via `chromium-browser --js-flags=--noexpose_wasm`)
- creates paste without compression, no password, but shows WASM warning
- creates paste without compression, with password, but shows WASM warning
- fails to read paste with zlib compression, no password + shows WASM error
- fails to read paste with zlib compression, with password + shows WASM error
- reads paste without compression, no password
- reads paste without compression, with password + retry button works
