Sebastien SAUVAGE daf5522b1e Potentiel security bug corrected ...

Bug reproduction: 1) paste texte containing html/javascript. 2) send 3)
clic "Raw text"  4) refresh: The html/javascript is interpreted instead
of just displayed.
Under some versions of Chrome, it happens without refreshing.
This bug was corrected.

(cherry picked from commit 4f8750bbddcb137213529875e45e3ace3be9a769)

2015-08-15 22:24:25 +02:00

cfg

fixing regressions from cherrypicking

2015-08-15 21:39:08 +02:00

css

XSS flaw correction

2015-08-15 22:01:43 +02:00

img

Added "Raw text" button.

2015-08-15 20:25:46 +02:00

js

Potentiel security bug corrected

2015-08-15 22:24:25 +02:00

lib

Stronger server salt

2015-08-15 22:18:57 +02:00

tpl

fixing regressions from cherrypicking

2015-08-15 21:39:08 +02:00

tst

reviewed unit tests, fixing line endings, added more tests

2015-08-15 18:32:31 +02:00

.gitignore

Included .htaccess and .htapasswd for safety.

2013-11-01 01:20:59 +01:00

CHANGELOG.md

XSS flaw correction

2015-08-15 22:01:43 +02:00

CREDITS.md

had to revert to HTML5 instead of XHTML5 because of compatibility

2012-08-28 23:28:41 +02:00

index.php

XSS flaw correction

2015-08-15 22:01:43 +02:00

INSTALL.md

had to revert to HTML5 instead of XHTML5 because of compatibility

2012-08-28 23:28:41 +02:00

README.md

XSS flaw correction

2015-08-15 22:01:43 +02:00

robots.txt

Incorrect structure

2013-11-01 01:22:16 +01:00

Description

A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

cryptocryptographyencryptedone-timepastepastebinphpsecurityself-destroyself-hostedself-hosting

Readme 28 MiB

Languages

PHP 47.1%

JavaScript 35.5%

CSS 17.2%

Makefile 0.2%