Commit Graph

1128 Commits

Author SHA1 Message Date
El RIDO
917f2dfa2b
add Node Security configuration and enabling it in CodeClimate 2018-01-06 08:06:09 +01:00
El RIDO
f90ad11bcd
adding JSHint configuration 2018-01-06 08:05:27 +01:00
El RIDO
2db412873b
implementing ESlint suggestions 2018-01-06 07:17:33 +01:00
El RIDO
5e070db6a1
reverting escaping just for Markdown formatting, as discussed in #269 2018-01-03 21:18:33 +01:00
El RIDO
a95701bba8
completing DiscussionViewer testing 2018-01-02 15:38:37 +01:00
El RIDO
fcb4249e01
actually IDs are hexadecimal, not base64, so not a problem 2018-01-02 11:51:11 +01:00
El RIDO
95bf37be8f
implementing DiscussionViewer test, found an issue with slashes in the paste or comment IDs (as per Base64 encoding) 2018-01-02 11:44:54 +01:00
El RIDO
28f1f41c17
removing duplicate code and unused option 2018-01-02 11:42:03 +01:00
El RIDO
49feb300b6
further tweaking travis CI scripts 2018-01-02 09:38:28 +01:00
El RIDO
85401a1513
Merge branch 'master' into js-unit-testing 2018-01-02 09:37:46 +01:00
El RIDO
6eb8822059
optimizing PNG 2018-01-02 08:44:38 +01:00
El RIDO
dae11fdd16
Merge branch 'qrcode' 2018-01-02 08:43:42 +01:00
El RIDO
6ce0fe55f6
revert as per StyleCI: missed one 2018-01-02 08:41:45 +01:00
El RIDO
f135dd2667
Hrmpf, StyleCI only allows the use of either tabs or spaces for PHP code, forcing me to revert the use of tabs in the templates 2018-01-02 08:31:12 +01:00
El RIDO
ec3ed1e5ff
removing unused code and reducing size of HTML in case QR code is turned off 2018-01-02 08:23:11 +01:00
El RIDO
98a8591a27
naming JS libraries consistently 2018-01-02 08:01:39 +01:00
El RIDO
fe54889b99
fixing failing unit test 2018-01-02 07:56:46 +01:00
El RIDO
094a0c80db
Merge branch 'master' into qrcode 2018-01-02 07:56:16 +01:00
El RIDO
76c14795ef
removing unnecessary repository from composer: We do not depend on ourselves 2018-01-02 07:30:51 +01:00
El RIDO
daebd41af7
correcting syntax of npm install 2018-01-02 07:19:07 +01:00
El RIDO
63e5f5c101
improving npm installation performance 2018-01-02 07:14:58 +01:00
El RIDO
12c5e9db39
Maybe not needed anymore? See https://github.com/composer/composer/issues/4884#issuecomment-195229989 2018-01-02 06:49:56 +01:00
El RIDO
bb54d46c7e
updating DOMPurify library, simplifying its use, ensuring HTML entities get escaped before formatting paste - regression introduced in #258, reported in #269 2018-01-01 10:25:07 +01:00
El RIDO
6093f0cc9c
enable travis CI caching, hoping to circumvent composer rate limiting 2018-01-01 09:31:48 +01:00
rugk
414ab0eb71
Add config and basic page template support
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
  of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
El RIDO
d80c2f83fa
making DiscussionViewer testable, removing some inconsistency 2017-12-18 14:47:17 +01:00
El RIDO
928215dc5e
splitting out PasteViewer, DiscussionViewer, AttachmentViewer tests 2017-12-18 14:25:08 +01:00
El RIDO
893d29a046
splitting out Alert, Editor, PasteStatus, Prompt, UiHelper tests 2017-12-15 07:20:51 +01:00
El RIDO
be358a6804
splitting out Model tests 2017-12-14 07:31:09 +01:00
El RIDO
5b9ac67504
splitting out CryptTool tests 2017-12-14 07:23:38 +01:00
El RIDO
3fed63ce28
ensuring internal variables of common module are not changed by providing getter functions, splitting out I18n tests 2017-12-14 07:19:05 +01:00
El RIDO
dfd906900b
started to split humongous test.js into separate files 2017-12-13 07:40:48 +01:00
El RIDO
1f4e0092d9
add testing on php 7.2 2017-12-03 15:39:05 +01:00
El RIDO
39860dfdc4
making AttachmentViewer testable and implementing tests 2017-12-03 14:29:07 +01:00
El RIDO
dac86eb363
making AttachmentViewer testable 2017-11-28 06:38:10 +01:00
rugk
7bf5af761b
Add QR code generation when paste is created 2017-11-26 15:59:12 +01:00
El RIDO
9f973edb7d
Merge branch 'sanitizeMarkdown' 2017-11-22 22:45:04 +01:00
El RIDO
d9c6b634b9
remove dangling comma 2017-11-22 22:44:38 +01:00
El RIDO
a0740ff79f
getting rid of htmlEntities (except for tests) and setElementText (dropping IE9 support), changing urls2links interface, all to avoid double encoding sanitized HTML 2017-11-22 22:27:38 +01:00
El RIDO
d0cccce7a8
removing patterns that don't get sanitized, but also don't get interpreted when inserted into the HTML 2017-11-22 20:49:23 +01:00
rugk
56f4ee5c20
Revert "Try to move sanitisation & links into setElementText"
This reverts commit 8d2e19f791.
2017-11-22 16:48:54 +01:00
rugk
8d2e19f791
Try to move sanitisation & links into setElementText 2017-11-22 16:48:00 +01:00
rugk
3d2dbabaec
add some more tests from OWASP 2017-11-22 15:41:49 +01:00
El RIDO
9fa2ea3373
ensuring text is sanitized in all cases, before being injected into the DOM 2017-11-22 08:05:06 +01:00
El RIDO
2d00202b42
correcting the XSS test, commenting two failing patterns, to be reviewed by @rugk 2017-11-22 07:03:29 +01:00
El RIDO
233bd65b00
Merge branch 'master' into sanitizeMarkdown, changing test to use new library 2017-11-22 06:30:38 +01:00
El RIDO
f2628a0bf3
added a test for #183, fails at this point, #258 should fix this 2017-11-22 06:15:09 +01:00
El RIDO
e40da8b1a6
Merge branch 'js-unit-testing' 2017-11-22 05:33:24 +01:00
rugk
bbec693cab
Allow DOMPurify as a global 2017-11-21 22:26:02 +01:00
rugk
b6d7d56774
Sanitize HTML code
using DOMPurify v1.0.2
Fixes https://github.com/PrivateBin/PrivateBin/issues/183
2017-11-21 21:22:51 +01:00