Merge branch 'master' into qrcode
commit
094a0c80db
12
.travis.yml
12
.travis.yml
@ -9,10 +9,10 @@ php:
|
|||||||
|
|
||||||
# as this is a php project, node.js v4 (for JS unit testing) isn't installed
|
# as this is a php project, node.js v4 (for JS unit testing) isn't installed
|
||||||
install:
|
install:
|
||||||
- rm -rf ~/.nvm && git clone https://github.com/creationix/nvm.git ~/.nvm && (cd ~/.nvm && git checkout `git describe --abbrev=0 --tags`) && source ~/.nvm/nvm.sh && nvm install 4
|
- if [ ! -d "$HOME/.nvm" ]; then mkdir -p $HOME/.nvm && curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | NVM_METHOD=script bash; fi
|
||||||
|
- source ~/.nvm/nvm.sh && nvm install 4
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
- composer config -g github-oauth.github.com "$GITHUB_TOKEN"
|
|
||||||
- composer install -n
|
- composer install -n
|
||||||
- npm install -g mocha
|
- npm install -g mocha
|
||||||
- cd js
|
- cd js
|
||||||
@ -27,3 +27,11 @@ after_script:
|
|||||||
- cd ..
|
- cd ..
|
||||||
- vendor/bin/codacycoverage clover tst/log/coverage-clover.xml
|
- vendor/bin/codacycoverage clover tst/log/coverage-clover.xml
|
||||||
- vendor/bin/test-reporter --coverage-report tst/log/coverage-clover.xml
|
- vendor/bin/test-reporter --coverage-report tst/log/coverage-clover.xml
|
||||||
|
|
||||||
|
cache:
|
||||||
|
directories:
|
||||||
|
- $HOME/.composer/cache/files
|
||||||
|
- $HOME/.composer/cache/vcs
|
||||||
|
- $HOME/.nvm
|
||||||
|
- $HOME/.npm
|
||||||
|
- js/node_modules
|
||||||
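Review bot: The new install step pipes `curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh` straight into `bash` with no integrity check, so the CI job executes whatever that URL serves at build time, and a tag name is not an immutable reference. Fetch the script to a file and verify it before running, for example `curl -fsSLo /tmp/nvm-install.sh <same URL> && echo "<EXPECTED_SHA256>  /tmp/nvm-install.sh" | sha256sum -c - && NVM_METHOD=script bash /tmp/nvm-install.sh`, where `<EXPECTED_SHA256>` is a placeholder for a value committed in this file. The added `cache:` block persists `$HOME/.nvm`, `$HOME/.npm` and `js/node_modules`, and the `if [ ! -d "$HOME/.nvm" ]` guard skips the install once the directory exists, so a bad install would carry over into later builds. A comment on how to invalidate the cache would help. `mkdir -p $HOME/.nvm` should also quote the variable, as the test before it does.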
|
@ -11,12 +11,6 @@
|
|||||||
"source": "https://github.com/PrivateBin/PrivateBin",
|
"source": "https://github.com/PrivateBin/PrivateBin",
|
||||||
"docs": "https://zerobin.dssr.ch/documentation/"
|
"docs": "https://zerobin.dssr.ch/documentation/"
|
||||||
},
|
},
|
||||||
"repositories": [
|
|
||||||
{
|
|
||||||
"type": "vcs",
|
|
||||||
"url": "https://github.com/PrivateBin/PrivateBin"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"require": {
|
"require": {
|
||||||
"php": "^5.4.0 || ^7.0",
|
"php": "^5.4.0 || ^7.0",
|
||||||
"paragonie/random_compat": "2.0.4",
|
"paragonie/random_compat": "2.0.4",
|
||||||
|
@ -1701,7 +1701,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// set sanitized and linked text
|
// set sanitized and linked text
|
||||||
var sanitizedLinkedText = DOMPurify.sanitize(Helper.urls2links(text), {SAFE_FOR_JQUERY: true});
|
var sanitizedLinkedText = DOMPurify.sanitize(Helper.urls2links(text));
|
||||||
$plainText.html(sanitizedLinkedText);
|
$plainText.html(sanitizedLinkedText);
|
||||||
$prettyPrint.html(sanitizedLinkedText);
|
$prettyPrint.html(sanitizedLinkedText);
|
||||||
|
|
||||||
@ -1714,7 +1714,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|||||||
});
|
});
|
||||||
// let showdown convert the HTML and sanitize HTML *afterwards*!
|
// let showdown convert the HTML and sanitize HTML *afterwards*!
|
||||||
$plainText.html(
|
$plainText.html(
|
||||||
DOMPurify.sanitize(converter.makeHtml(text), {SAFE_FOR_JQUERY: true})
|
DOMPurify.sanitize(converter.makeHtml(text))
|
||||||
);
|
);
|
||||||
// add table classes from bootstrap css
|
// add table classes from bootstrap css
|
||||||
$plainText.find('table').addClass('table-condensed table-bordered');
|
$plainText.find('table').addClass('table-condensed table-bordered');
|
||||||
@ -1728,8 +1728,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|||||||
|
|
||||||
$prettyPrint.html(
|
$prettyPrint.html(
|
||||||
DOMPurify.sanitize(
|
DOMPurify.sanitize(
|
||||||
prettyPrintOne(Helper.urls2links(text), null, true),
|
prettyPrintOne(Helper.urls2links(text), null, true)
|
||||||
{SAFE_FOR_JQUERY: true}
|
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
// fall through, as the rest is the same
|
// fall through, as the rest is the same
|
||||||
@ -1825,6 +1824,8 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|||||||
*/
|
*/
|
||||||
me.setText = function(newText)
|
me.setText = function(newText)
|
||||||
{
|
{
|
||||||
|
// escape HTML entities
|
||||||
|
newText = $('<div />').text(newText).html();
|
||||||
if (text !== newText) {
|
if (text !== newText) {
|
||||||
text = newText;
|
text = newText;
|
||||||
isChanged = true;
|
isChanged = true;
|
||||||
@ -2224,8 +2225,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|||||||
// set & parse text
|
// set & parse text
|
||||||
$commentEntryData.html(
|
$commentEntryData.html(
|
||||||
DOMPurify.sanitize(
|
DOMPurify.sanitize(
|
||||||
Helper.urls2links(commentText),
|
Helper.urls2links(commentText)
|
||||||
{SAFE_FOR_JQUERY: true}
|
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -2531,7 +2531,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|||||||
for (var i = 0; i < $head.length; i++) {
|
for (var i = 0; i < $head.length; i++) {
|
||||||
newDoc.write($head[i].outerHTML);
|
newDoc.write($head[i].outerHTML);
|
||||||
}
|
}
|
||||||
newDoc.write('</head><body><pre>' + DOMPurify.sanitize(paste, {SAFE_FOR_JQUERY: true}) + '</pre></body></html>');
|
newDoc.write('</head><body><pre>' + DOMPurify.sanitize(paste) + '</pre></body></html>');
|
||||||
newDoc.close();
|
newDoc.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3961,10 +3961,11 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|||||||
// first load translations
|
// first load translations
|
||||||
I18n.loadTranslations();
|
I18n.loadTranslations();
|
||||||
|
|
||||||
|
DOMPurify.setConfig({SAFE_FOR_JQUERY: true});
|
||||||
|
|
||||||
// initialize other modules/"classes"
|
// initialize other modules/"classes"
|
||||||
Alert.init();
|
Alert.init();
|
||||||
Model.init();
|
Model.init();
|
||||||
|
|
||||||
AttachmentViewer.init();
|
AttachmentViewer.init();
|
||||||
DiscussionViewer.init();
|
DiscussionViewer.init();
|
||||||
Editor.init();
|
Editor.init();
|
||||||
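Review bot: Replacing the per-call `{SAFE_FOR_JQUERY: true}` with a single `DOMPurify.setConfig({SAFE_FOR_JQUERY: true});` in the init hunk makes every `DOMPurify.sanitize()` call in this file depend on init having run first. A sanitize call reached earlier, or from a test harness that never calls init, would run with DOMPurify's defaults. I would add a comment on the setConfig line such as `// global: every DOMPurify.sanitize() call in this file relies on this being set before any paste or comment is rendered`, and a unit test that asserts the option is active. Separately, the `me.setText` hunk now stores the entity-escaped string, so `getText()` returns escaped rather than raw text. Callers that expect the original paste should be checked, as should the markdown path, where `>` presumably reaches showdown as `&gt;`. The enclosing functions start and end outside the visible hunks.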
|
1
js/purify-1.0.3.js
Normal file
1
js/purify-1.0.3.js
Normal file
File diff suppressed because one or more lines are too long
2
js/purify.min.js
vendored
2
js/purify.min.js
vendored
File diff suppressed because one or more lines are too long
@ -42,7 +42,7 @@ require('./prettify');
|
|||||||
global.prettyPrint = window.PR.prettyPrint;
|
global.prettyPrint = window.PR.prettyPrint;
|
||||||
global.prettyPrintOne = window.PR.prettyPrintOne;
|
global.prettyPrintOne = window.PR.prettyPrintOne;
|
||||||
global.showdown = require('./showdown-1.6.1');
|
global.showdown = require('./showdown-1.6.1');
|
||||||
global.DOMPurify = require('./purify.min');
|
global.DOMPurify = require('./purify-1.0.3');
|
||||||
require('./bootstrap-3.3.7');
|
require('./bootstrap-3.3.7');
|
||||||
require('./privatebin');
|
require('./privatebin');
|
||||||
|
|
||||||
@ -1422,7 +1422,7 @@ describe('PasteViewer', function () {
|
|||||||
results.push(
|
results.push(
|
||||||
$('#placeholder').hasClass('hidden') &&
|
$('#placeholder').hasClass('hidden') &&
|
||||||
!$.PrivateBin.PasteViewer.isPrettyPrinted() &&
|
!$.PrivateBin.PasteViewer.isPrettyPrinted() &&
|
||||||
$.PrivateBin.PasteViewer.getText() == text
|
$.PrivateBin.PasteViewer.getText() == $('<div />').text(text).html()
|
||||||
);
|
);
|
||||||
if (format == 'markdown') {
|
if (format == 'markdown') {
|
||||||
results.push(
|
results.push(
|
||||||
|
@ -71,11 +71,11 @@ endif;
|
|||||||
if ($MARKDOWN):
|
if ($MARKDOWN):
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" src="js/showdown-1.6.1.js" integrity="sha512-e6kAsBTgFnTBnEQXrq8BV6+XFwxb3kyWHeEPOl+KhxaWt3xImE2zAW2+yP3E2CQ7F9yoJl1poVU9qxkOEtVsTQ==" crossorigin="anonymous"></script>
|
<script type="text/javascript" src="js/showdown-1.6.1.js" integrity="sha512-e6kAsBTgFnTBnEQXrq8BV6+XFwxb3kyWHeEPOl+KhxaWt3xImE2zAW2+yP3E2CQ7F9yoJl1poVU9qxkOEtVsTQ==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" src="js/purify.min.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-jJuy143F5Oy7oS3VkjzeJGBxIUuQ1H0eSjuvLGD3FiQzeu8Pwp5vI/jQ2dxlxSrzejmNMicdLHnIqH7R8Ft0lQ==" crossorigin="anonymous"></script>
|
<script type="text/javascript" src="js/purify-1.0.3.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-uhzhZJSgc+XJoaxCOjiuRzQaf5klPlSSVKGw69+zT72hhfLbVwB4jbwI+f7NRucuRz6u0aFGMeZ+0PnGh73iBQ==" crossorigin="anonymous"></script>
|
||||||
<?php
|
<?php
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PMr+homyzdcY7Cmh5XZCbU9Qmg3RjwGdpRk1jBuLyVJRMGPeKscsbklIceXssSVMdv4Y9+d2UNXykuDL7Z4fDg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-ongf6gpLgDPRVlBPaFlvxyDu3rCb1APhvzJLUFj9JuXCi6Zd0vqxt//vR8Zz3Ez9Fq+mw14HU8z52H7EjZewfA==" crossorigin="anonymous"></script>
|
||||||
<!--[if lt IE 10]>
|
<!--[if lt IE 10]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
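Review bot: The `integrity` values for `js/privatebin.js` and `js/purify-1.0.3.js` are hand-edited here and repeated in the second template section that follows, and nothing visible in the commit checks that they match the files actually shipped. A stale or mistyped hash makes the browser refuse the script, and a base64 digest reviewed only by eye is easy to get wrong. A test that recomputes the SHA-512 of each referenced file and compares it with both templates would make these updates verifiable. Because `js/purify-1.0.3.js` appears only as "File diff suppressed", the new hash is the sole reviewable evidence of what that vendored sanitizer contains, so the commit message should record where the file was obtained.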
|
@ -45,7 +45,7 @@ endif;
|
|||||||
if ($MARKDOWN):
|
if ($MARKDOWN):
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" src="js/showdown-1.6.1.js" integrity="sha512-e6kAsBTgFnTBnEQXrq8BV6+XFwxb3kyWHeEPOl+KhxaWt3xImE2zAW2+yP3E2CQ7F9yoJl1poVU9qxkOEtVsTQ==" crossorigin="anonymous"></script>
|
<script type="text/javascript" src="js/showdown-1.6.1.js" integrity="sha512-e6kAsBTgFnTBnEQXrq8BV6+XFwxb3kyWHeEPOl+KhxaWt3xImE2zAW2+yP3E2CQ7F9yoJl1poVU9qxkOEtVsTQ==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" src="js/purify.min.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-jJuy143F5Oy7oS3VkjzeJGBxIUuQ1H0eSjuvLGD3FiQzeu8Pwp5vI/jQ2dxlxSrzejmNMicdLHnIqH7R8Ft0lQ==" crossorigin="anonymous"></script>
|
<script type="text/javascript" src="js/purify-1.0.3.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-uhzhZJSgc+XJoaxCOjiuRzQaf5klPlSSVKGw69+zT72hhfLbVwB4jbwI+f7NRucuRz6u0aFGMeZ+0PnGh73iBQ==" crossorigin="anonymous"></script>
|
||||||
<?php
|
<?php
|
||||||
endif;
|
endif;
|
||||||
if ($QRCODE):
|
if ($QRCODE):
|
||||||
@ -54,7 +54,7 @@ if ($QRCODE):
|
|||||||
<?php
|
<?php
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PMr+homyzdcY7Cmh5XZCbU9Qmg3RjwGdpRk1jBuLyVJRMGPeKscsbklIceXssSVMdv4Y9+d2UNXykuDL7Z4fDg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-ongf6gpLgDPRVlBPaFlvxyDu3rCb1APhvzJLUFj9JuXCi6Zd0vqxt//vR8Zz3Ez9Fq+mw14HU8z52H7EjZewfA==" crossorigin="anonymous"></script>
|
||||||
<!--[if lt IE 10]>
|
<!--[if lt IE 10]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
|