El RIDO
cb0faf690c
DOMpurify strips line tabulation characters (\u000b), adresses jsverifyRngState 8f6fbd749c3852ea01
2020-06-07 07:58:07 +02:00
El RIDO
8fcc321eb6
adjust unit tests to new link format
2020-06-07 07:47:28 +02:00
Haocen Xu
65011019b7
Fix urls2links unit test
2020-06-02 09:03:33 -04:00
El RIDO
c63dc3df7b
increase timeout for nyc JS code coverage generator
2020-03-22 06:56:18 +01:00
El RIDO
71c76adac4
addressing false positive jsverify rngState 077c06da821594b3fe
2020-03-06 23:00:48 +01:00
El RIDO
c11dc8e17e
reverting Helper.urls2links() method to old style, applied to element instead of string, allows inserting plain text as text node
2020-03-06 22:18:38 +01:00
El RIDO
8a6dcf910a
Revert "in Helper.urls2links(), encode HTML entities, find and insert links, partially decoding only the href property of it"
...
This reverts commit 5340f417e0
.
2020-03-06 20:57:15 +01:00
El RIDO
5340f417e0
in Helper.urls2links(), encode HTML entities, find and insert links, partially decoding only the href property of it
2020-02-29 09:37:54 +01:00
El RIDO
12c83a13c7
addressing false positive jsverify rngState 85f362db8950cea741
2020-02-05 19:06:45 +01:00
El RIDO
bab95cce1b
addressing false positive jsverify rngState 8bf7605ea139db4c28
2020-02-04 18:58:24 +01:00
El RIDO
2cbb8bf3ca
in translation, allow links to be inserted unencoded into href attribute, simplfy sanitation by allowing only <a> tags in DOMpurify for plain text and comments and avoid DOMpurify removing magnet links, fixes #579
2020-02-02 07:08:38 +01:00
El RIDO
cc0920fc09
add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it
2020-02-01 08:46:59 +01:00
El RIDO
9a4018bffe
jsverify rngState 8270695ec83abf412d was a false positive, due to incorrect test logic
2020-02-01 07:40:14 +01:00
El RIDO
8a6415ef5f
fixing jsverify rngStates 0220439df7ec68a15b, 015c81b7afd06e4293 & 041e3d57692b08fc4a
2020-01-31 22:42:42 +01:00
El RIDO
29efc14aa7
Revert "implement simplified translation logic, forcing the use of safe application via jQuery element"
...
This reverts commit 62365880b4
. The unit tests showed that the text2string function completely undid the XSS fix, so it was always unsafe to use it. Also the logic simplifications were smaller then expected.
2020-01-25 09:07:29 +01:00
El RIDO
62365880b4
implement simplified translation logic, forcing the use of safe application via jQuery element
2020-01-25 09:07:06 +01:00
El RIDO
685c354d0e
several changes:
...
- added tests for all 4 cases: output to string or into element vs first param contains link or not
- cleaned up logic - skip HTML entity encoding only if we can ensure insertion to text node / when output to string, we always encode
- DOMpurify sanitizes gopher, ws & wss links, which we previosly had tested for
2020-01-18 10:44:35 +01:00
El RIDO
fa9d3037ba
fixing logic & indentation
2020-01-18 07:44:32 +01:00
El RIDO
fd4492f229
ensuring that both critical branches get tested
2020-01-18 07:09:56 +01:00
El RIDO
4bf7f863dc
more general solution addressing #554 , kudos @rugk for the suggestions
2020-01-04 13:14:53 +01:00
El RIDO
8d0ac336d2
addressing jsverifyRngState 8b8f0d4ec2a67139b5, fixes HTML injection via filename, closes #554
2019-12-25 09:14:32 +01:00
Haocen Xu
e079f6c830
Implement Email button
2019-10-31 15:07:13 -04:00
El RIDO
e9eeeacdf0
addressing jsverifyRngState 0f5ea3f961827b0c4d
2019-09-19 20:48:05 +02:00
El RIDO
7c61f59dcd
removing untranslated string for non-human entities, moving insecure notice to template, so it can remains translated
2019-09-19 19:14:48 +02:00
El RIDO
4332d0edb0
making legacy.js work even on IE 6 by avoiding jQuery
2019-09-18 07:31:32 +02:00
El RIDO
63426d6f8b
splitting out PrivateBin.InitialCheck class into Legacy.Check and working on making it compatible with IE 11
2019-09-14 09:41:52 +02:00
El RIDO
c2962af4f8
trying different approach to convince codacy about false positive
2019-09-08 09:08:21 +02:00
El RIDO
5471757fa7
making webassembly optional, ensuring retry button works when wrong password is provided
...
Tested configurations:
- browser with WASM support (Firefox 68.0.2)
- creates paste with zlib compression, no password
- creates paste with zlib compression, with password
- reads paste with zlib compression, no password
- reads paste with zlib compression, with password + retry button works
- reads paste without compression, no password
- reads paste without compression, with password + retry button works
- browser without WASM support (Chromium 76.0.3809.100, started via `chromium-browser --js-flags=--noexpose_wasm`)
- creates paste without compression, no password, but shows WASM warning
- creates paste without compression, with password, but shows WASM warning
- fails to read paste with zlib compression, no password + shows WASM error
- fails to read paste with zlib compression, with password + shows WASM error
- reads paste without compression, no password
- reads paste without compression, with password + retry button works
2019-09-08 08:21:54 +02:00
El RIDO
c56d777c11
fixing logic when there are no icons and warning icons, add more test cases
2019-08-28 20:29:23 +02:00
El RIDO
ad570c391a
extend Alert class unit testing
2019-08-28 19:23:58 +02:00
El RIDO
a6aef109cc
making feature detection work as intended in chrome
2019-08-27 23:16:06 +02:00
El RIDO
6fcd82fb85
making the feature detection more robust, let users with no WASM create uncompressed pastes, remove dead & duplicate code
2019-08-27 07:38:27 +02:00
El RIDO
c707c87cac
addressing rngState 0ef2c5e06719a8b43d
2019-06-27 21:37:40 +02:00
El RIDO
2cbf528894
fixing failing unit tests in travisCI
2019-06-27 21:18:46 +02:00
El RIDO
67b9b5f0d8
correcting old browser detection logic, fixes #446
2019-06-27 20:11:22 +02:00
El RIDO
40493dfb3a
simplify logic, adding test cases for all combinations of URLs that are regarded as secure context
2019-06-23 10:38:08 +02:00
El RIDO
d9f27fb004
avoid instability of tests due to Alert callback testing, which can prevent notifications from getting displayed
2019-06-23 09:39:21 +02:00
El RIDO
603f7fd911
adding tests for all cases
2019-06-22 15:44:54 +02:00
El RIDO
59153633b8
adding test for bot UAs
2019-06-22 09:12:31 +02:00
El RIDO
50cc6995e0
making use of the URL object in the existing tests
2019-06-20 22:30:49 +02:00
El RIDO
6cf52f4cf3
mocking window.URL.createObjectURL to have tests working with blob URLs
2019-06-15 08:56:47 +02:00
El RIDO
c4b84b2b6b
extract version logic into paste & comment classes
2019-05-25 13:20:39 +02:00
El RIDO
353d08daf6
handle regression due to base58 stripping NULL bytes, discovered via JSVerify RNG state 0dec6b2a5f04d19873
2019-05-19 09:54:40 +02:00
El RIDO
8fd3e680e4
base58 will left trim NULL bytes, handling JSVerify RNG state 0dec6b2a5f04d19873
2019-05-19 09:05:56 +02:00
El RIDO
86b4e0e7a4
revert autoformatting applied by IDE
2019-05-19 08:43:07 +02:00
El RIDO
3b0ab7e99f
fixing regression handling v1 key format (un-decoded base64)
2019-05-19 08:36:18 +02:00
El RIDO
0e71211fad
v2 paste can successfully en- and decrypt the particular message, fixes #260
2019-05-19 08:25:34 +02:00
El RIDO
7111e38898
Merge branch 'empty-paste' into webcrypto
2019-05-19 07:52:37 +02:00
El RIDO
6f480bf014
Merge branch 'master' into webcrypto, implementing base58, fixes #377
2019-05-15 21:20:54 +02:00
El RIDO
5779d87788
integrating compression test case that failed in rawdeflate in webcrypto + zlib testing, proving this fixes #328
2019-05-15 18:56:42 +02:00