Make JS function more robust

js/privatebin.js

@@ -743,14 +743,45 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
          */
         me.getPasteId = function()
         {
-            if (id === null) {
+            const idRegEx = /^[a-z0-9]{16}$/;
+            const idRegExFind = /[a-z0-9]{16}/;
+
+            // return cached value
+            if (id !== null) {
+                return id;
+            }
+
+            // do use URL interface, if possible
+            if (window.URL && window.URL.prototype && ('searchParams' in window.URL.prototype)) {
+                try {
+                    const url = new URL(window.location);
+
+                    for (const param of url.searchParams) {
+                        const key = param[0];
+                        const value = param[1];
+
+                        if (value === '' && idRegEx.test(key)) {
+                            // safe, as the whole regex is matched
+                            id = key;
+                            return id;
+                        }
+                    }
+                } catch (e) {
+                    // fallback below
+                    console.error('URL interface not properly supported, error:', e);
+                }
+            } else {
+                console.warn('URL interface appears not to be supported in this browser.');
+            }
+
+            // fallback to simple RegEx
+            console.warn('fallback to simple RegEx search');
             // Attention: This also returns the delete token inside of the ID, if it is specified
-                id = (window.location.search.match(/[a-z0-9]{16}/) || [''])[0];
+            id = (window.location.search.match(idRegExFind) || [''])[0];
 
             if (id === '') {
                 throw 'no paste id given';
             }
-            }
 
             return id;
         }

tpl/bootstrap.php

@@ -76,7 +76,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qY0AJdr7OzoJBiuVUO9w1HZv8WXoYpbCocgvHW+gMMic9CDU/pwohPkdqbaTh4SkHpRQ8cNpRO7ezTyBs0KMbA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-tRRKkyV2RYlU1b/PdUmLigAV8mAQpklblVO071AcQs5QbeUwBnK2L5zjbscm2+B2eRJ06luEisXuPowvFHN6fA==" crossorigin="anonymous"></script>
 		<!--[if lt IE 10]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
 		<![endif]-->

tpl/page.php

@@ -54,7 +54,7 @@ if ($MARKDOWN):
 endif;
 ?>
 		<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-qY0AJdr7OzoJBiuVUO9w1HZv8WXoYpbCocgvHW+gMMic9CDU/pwohPkdqbaTh4SkHpRQ8cNpRO7ezTyBs0KMbA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-tRRKkyV2RYlU1b/PdUmLigAV8mAQpklblVO071AcQs5QbeUwBnK2L5zjbscm2+B2eRJ06luEisXuPowvFHN6fA==" crossorigin="anonymous"></script>
 		<!--[if lt IE 10]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
 		<![endif]-->