diff --git a/js/privatebin.js b/js/privatebin.js
index a1308620..5f61de13 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -2843,7 +2843,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// prevents executing embedded scripts when CSP is not set and user
// right-clicks/long-taps and opens the SVG in a new tab - prevented
// in the preview by use of an img tag, which disables scripts, too
- if (mimeType.match(/image\/svg/i)) {
+ if (mimeType.match(/^image\/.*svg/i)) {
const sanitizedData = DOMPurify.sanitize(
decodedData,
purifySvgConfig
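Review bot: Anchoring the SVG test with `^` narrows the condition that gates `DOMPurify.sanitize`, so a type string that does not begin exactly with `image/` now skips sanitisation where the old unanchored pattern would have caught it. How `mimeType` is derived is not visible in this hunk. If it is taken from the attachment's data URL without normalisation, a value with leading whitespace or another prefix would fall through, and whether a browser would still treat such a blob as SVG should be confirmed. For a security gate it is safer to over-match: normalise first, `if (mimeType.trim().match(/^image\/.*svg/i)) {`, or sanitise whenever the type mentions SVG at all, `if (/svg/i.test(mimeType)) {`. The enclosing function starts and ends outside the hunk.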
@@ -3072,13 +3072,13 @@ jQuery.PrivateBin = (function($, RawDeflate) {
me.handleBlobAttachmentPreview = function ($targetElement, blobUrl, mimeType) {
if (blobUrl) {
attachmentHasPreview = true;
- if (mimeType.match(/image\//i)) {
+ if (mimeType.match(/^image\//i)) {
$targetElement.html(
$(document.createElement('img'))
.attr('src', blobUrl)
.attr('class', 'img-thumbnail')
);
- } else if (mimeType.match(/video\//i)) {
+ } else if (mimeType.match(/^video\//i)) {
$targetElement.html(
$(document.createElement('video'))
.attr('controls', 'true')
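Review bot: The anchored tests in `handleBlobAttachmentPreview` (`^image\/` and `^video\/` here, `^audio\/` in the next hunk) only need a boolean, so `RegExp.prototype.test` reads more directly than `String.prototype.match`, e.g. `if (/^image\//i.test(mimeType)) {`. The reason for the `^` is also undocumented. It appears to be that only the top-level media type should select the preview element, and a one-line comment above the chain would record that: `// match the top-level type only, so "image/" elsewhere in the string cannot select a preview`. The function body continues past this hunk.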
@@ -3089,7 +3089,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
.attr('type', mimeType)
.attr('src', blobUrl))
);
- } else if (mimeType.match(/audio\//i)) {
+ } else if (mimeType.match(/^audio\//i)) {
$targetElement.html(
$(document.createElement('audio'))
.attr('controls', 'true')
diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php
index 7fe82e04..e044bbb4 100644
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@@ -73,7 +73,7 @@ endif;
?>
-
+
diff --git a/tpl/page.php b/tpl/page.php
index 5823f71b..20792551 100644
--- a/tpl/page.php
+++ b/tpl/page.php
@@ -51,7 +51,7 @@ endif;
?>
-
+