Chapril/paste.chapril.org-privatebin
Chapril/paste.chapril.org-privatebin
25
1
Fork 0
Code Issues Releases Wiki Activity

making AttachmentViewer testable

Browse Source
This commit is contained in:
El RIDO 2017-11-28 06:38:10 +01:00
parent 9f973edb7d
commit dac86eb363
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
4 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
js/privatebin.js
View File

@ -1923,11 +1923,9 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
* (view) Show attachment and preview if possible * (view) Show attachment and preview if possible
* *
* @name AttachmentViewer * @name AttachmentViewer
* @param {object} window
* @param {object} document
* @class * @class
*/ */
var AttachmentViewer = (function (window, document) { var AttachmentViewer = (function () {
var me = {}; var me = {};
var $attachmentLink, var $attachmentLink,
@ -2085,7 +2083,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
} }
return me; return me;
})(window, document); })();
/** /**
* (view) Shows discussion thread and handles replies * (view) Shows discussion thread and handles replies

2
js/test.js
View File

@ -1444,7 +1444,7 @@ describe('PasteViewer', function () {
'sanitizes XSS', 'sanitizes XSS',
jsc.elements(['plaintext', 'markdown', 'syntaxhighlighting']), jsc.elements(['plaintext', 'markdown', 'syntaxhighlighting']),
'string', 'string',
// https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet // @see {@link https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet}
jsc.elements([ jsc.elements([
'<PLAINTEXT>', '<PLAINTEXT>',
'></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>', '></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>',

2
tpl/bootstrap.php
View File

@ -70,7 +70,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-EvNAh1GXOoUiGZ/W8iPtzsce06bvVHy6+ajJztmfSgdQcKMPoj0dB8j1FC90MEChl7MOeR4xozvDymH/6HwIlA==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-NDAfNtN88qJLs6tH5RjjDDdd/sbFFrufgR8RpT6UACus40DLSO6vmSNje9L5IZl+93XBaTxryE7ud9Irkjfh2A==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->

2
tpl/page.php
View File

@ -48,7 +48,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-EvNAh1GXOoUiGZ/W8iPtzsce06bvVHy6+ajJztmfSgdQcKMPoj0dB8j1FC90MEChl7MOeR4xozvDymH/6HwIlA==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-NDAfNtN88qJLs6tH5RjjDDdd/sbFFrufgR8RpT6UACus40DLSO6vmSNje9L5IZl+93XBaTxryE7ud9Irkjfh2A==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->