rugk
29b8215332
Add missing package-json.lock
...
NodeJS v16.14.0
2022-07-09 16:44:35 +02:00
El RIDO
f717334ee0
- credit & document Turkish translation
...
- remove plural indicators
- add plural logic and enable Turkish translation
2022-04-28 20:05:57 +02:00
El RIDO
456ced37c2
incrementing version
2022-04-05 07:30:51 +02:00
El RIDO
f0d0daffcc
enable and credit new Finnish translation
2022-04-05 07:22:07 +02:00
El RIDO
f2e0c1a701
upgrade to zlib 1.2.12
2022-03-30 06:05:37 +02:00
El RIDO
82be7c6354
Merge branch 'hardening' of github.com:PrivateBin/PrivateBin into hardening
2022-03-27 08:28:10 +02:00
El RIDO
75dc346f0f
be more specific on the base type match and less specific on the subtype, in order to fail-safe (avoid being tricked into not sanitizing - the mime type is a user provided input)
2022-03-27 08:27:24 +02:00
El RIDO
960faf4417
wording
...
Co-authored-by: rugk <rugk+git@posteo.de>
2022-03-27 07:58:25 +02:00
El RIDO
36cb37c029
prevent error when attachments are disabled, but paste with attachment gets displayed
2022-03-13 20:18:51 +01:00
El RIDO
5617612eb3
upgrade to showdown 2.0.3
2022-03-13 20:05:38 +01:00
El RIDO
2a4d572c1e
Sanitize SVG preview, preventing script execution in instance context, while dropping support for attachment download in IE
2022-03-13 19:56:12 +01:00
El RIDO
f39934a104
Merge pull request #896 from Patriccollu/PB-in-Corsican
...
Adding Corsican as brand new locale
2022-02-26 11:52:43 +01:00
Patriccollu
004e2dd75c
Update to add Corsican as new locale
2022-02-24 20:03:48 +01:00
El RIDO
7a6f36a789
disable failing part of the test
2022-02-23 06:04:05 +01:00
El RIDO
a0f8a667ae
deprecated functions, fix test partially
2022-02-20 21:07:04 +01:00
El RIDO
fbf0eae513
update bootstrap JS library to 3.4.1
...
note that this fails one of our unit tests
2022-02-20 16:13:54 +01:00
El RIDO
7277d2bb43
update all libraries
2022-02-18 07:36:09 +01:00
El RIDO
9df6754dfa
Merge pull request #881 from PrivateBin/jbobau
...
Lojban translation
2022-02-13 08:58:29 +01:00
El RIDO
8faf0501f4
improve Lojban support
...
- Crowdin has to use the 3 letter language code, since Lojban has no 2 letter code. Added support for this in the PHP backend and renamed the translation file.
- Lojban has no plural cases, updated the plural-formulas accordingly.
- Credited the change and documented it.
- Updated the SRI hashes.
2022-02-12 16:17:09 +01:00
Bjoern Becker
832f000576
update jquery
2022-02-11 12:22:16 +01:00
foxsouns - SEE ME @ GITLAB
401cd32d07
add jb (lojban) into supported languages list
2022-02-09 22:30:53 -08:00
El RIDO
a2ffbafa13
ensure npm's package.json version gets incremented
2021-06-05 09:43:01 +02:00
El RIDO
bc11452259
make filename unique per paste ID
2021-04-17 09:08:11 +02:00
El RIDO
853a4f386f
fix indentation
2021-04-17 08:51:25 +02:00
El RIDO
47029fb04e
Merge branch 'master' into download-feature
2021-04-17 08:47:14 +02:00
El RIDO
1dc8b24665
transmit cookie only over HTTPS, fixes #472
2021-04-16 20:15:12 +02:00
ed66351337
Added download feature ( #5318 ).
2021-04-16 19:29:03 +02:00
El RIDO
175d14224e
set plurals for and credit Estonian translation
2021-04-16 18:27:12 +02:00
El RIDO
d65bf02d78
upgraded kjua
2021-04-05 17:33:07 +02:00
El RIDO
458ebcb321
incrementing version
2021-04-05 17:05:14 +02:00
El RIDO
a369202c51
add missing expiration reset
2021-04-05 13:47:37 +02:00
El RIDO
77ee40909f
record defaults during initialization, fixes #682
2021-04-05 13:24:53 +02:00
El RIDO
5fd829aa09
adding unit tests for TopNav.resetInput(), triggering bug described in #682
2021-04-05 12:50:23 +02:00
El RIDO
a40f3b2950
update DOMpurify to version 2.2.7
2021-04-03 07:04:59 +02:00
El RIDO
2e10bdbd22
update DOMpurify to version 2.2.7
2021-04-02 09:09:47 +02:00
El RIDO
da0896fe42
set plurals for and credit Catalan translation
2021-04-02 09:00:27 +02:00
El RIDO
5a9bcea3a9
set plurals for and credit Indonesian translation
2021-03-09 05:54:06 +01:00
El RIDO
b38ebc503e
plural rules and documenting newly added languages
2021-01-07 21:16:03 +01:00
El RIDO
5ec72f1d89
address false positive jsverify RngState 080d2f5b13a86e97c4
2020-10-04 14:08:27 +02:00
El RIDO
1614342248
update DOMpurify to version 2.0.14
2020-08-30 08:34:38 +02:00
El RIDO
0673c1cde1
fix display of empty files #663
2020-06-30 20:10:56 +02:00
El RIDO
cb0faf690c
DOMpurify strips line tabulation characters (\u000b), adresses jsverifyRngState 8f6fbd749c3852ea01
2020-06-07 07:58:07 +02:00
El RIDO
8fcc321eb6
adjust unit tests to new link format
2020-06-07 07:47:28 +02:00
El RIDO
5450a431cf
Merge branch 'Haocen-625-bugfixes'
2020-06-07 07:38:59 +02:00
Haocen Xu
65011019b7
Fix urls2links unit test
2020-06-02 09:03:33 -04:00
El RIDO
dfed1a4b45
switching webcrypto library to native node crypto implementation (requires node>=10)
2020-06-01 08:07:25 +02:00
unknown
903ea5ea68
Open all links in new window
2020-06-01 02:33:22 +08:00
Haocen Xu
dd98af0775
Avoid recreation of existing pasteurl element when calling URL shortener
2020-05-30 06:07:47 -04:00
Haocen Xu
5f0011b0f6
Sanitize output from Helper.urls2links
2020-05-30 06:05:20 -04:00
Haocen Xu
25a39148a8
Change order of execution to detect delete token properly
2020-05-30 06:00:17 -04:00
Haocen Xu
e298c3d10c
Reload page when back button in browser pressed, avoid reading burn
...
after read paste from cache
2020-05-30 05:57:27 -04:00
Haocen Xu
afcece17dd
Fix broken Helper.durationToSeconds, as it doesn't handle weeks
2020-05-30 05:55:41 -04:00
Haocen Xu
74551f58d7
Avoid DOMPurify mess with forward slash in expirationDateString
2020-05-30 05:52:15 -04:00
Haocen Xu
4984194c33
Avoid dropzone appearing when it should not by fixing
...
TopNav.isAttachmentReadonly logic
2020-05-30 05:48:15 -04:00
Haocen Xu
d6b06269a4
Fix Editor.hide typo
2020-05-30 05:47:33 -04:00
Haocen Xu
7eb96eb3cb
Avoid handling clipboard data item if it is not file type
2020-05-30 05:39:46 -04:00
rugk
d3ba7eeb13
Reset checkboxes on new paste
2020-04-23 12:07:08 +02:00
rugk
5ece4d2632
Reset attachment when clicking new paste
2020-04-23 11:25:24 +02:00
El RIDO
c63dc3df7b
increase timeout for nyc JS code coverage generator
2020-03-22 06:56:18 +01:00
El RIDO
9914c37683
incrementing version
2020-03-22 06:44:04 +01:00
El RIDO
1439bb291f
allow pasting password on paste with attachment - big kudos @rugk for finding it! - fixes #565 , fixes #595
2020-03-21 16:53:55 +01:00
El RIDO
71c76adac4
addressing false positive jsverify rngState 077c06da821594b3fe
2020-03-06 23:00:48 +01:00
rugk
7cb830e22f
It includes a change in the RegEx for URLs because that was broken when a
...
& character later followed at any time after a link (even after a newline).
(with a negative lookahead)
Test with https://regex101.com/r/i7bZ73/1
Now the RegEx does not check for _all_ chars after a link, but just for the
one following the link.
(So the lookahead is not * anymore. I guess thsi behaviour was
the expectation when it has been implemented.)
2020-03-06 22:37:12 +01:00
El RIDO
c334d2d00d
Merge branch 'master' into preview-encoding
2020-03-06 22:23:40 +01:00
El RIDO
c11dc8e17e
reverting Helper.urls2links() method to old style, applied to element instead of string, allows inserting plain text as text node
2020-03-06 22:18:38 +01:00
El RIDO
8a6dcf910a
Revert "in Helper.urls2links(), encode HTML entities, find and insert links, partially decoding only the href property of it"
...
This reverts commit 5340f417e0
.
2020-03-06 20:57:15 +01:00
El RIDO
f391773c65
generalize date string handling, replacing hardcoded lookups, fixes #586
2020-03-01 08:54:48 +01:00
El RIDO
5340f417e0
in Helper.urls2links(), encode HTML entities, find and insert links, partially decoding only the href property of it
2020-02-29 09:37:54 +01:00
El RIDO
d2e9e47b67
refactor switch into nested if/else, to improve readability - no functional change
2020-02-29 08:45:56 +01:00
El RIDO
adece1d784
incrementing version
2020-02-16 11:15:51 +01:00
El RIDO
12c83a13c7
addressing false positive jsverify rngState 85f362db8950cea741
2020-02-05 19:06:45 +01:00
El RIDO
bab95cce1b
addressing false positive jsverify rngState 8bf7605ea139db4c28
2020-02-04 18:58:24 +01:00
El RIDO
00438ec1ab
upgrade DOMpurify to 2.0.8
2020-02-04 18:43:35 +01:00
El RIDO
2cbb8bf3ca
in translation, allow links to be inserted unencoded into href attribute, simplfy sanitation by allowing only <a> tags in DOMpurify for plain text and comments and avoid DOMpurify removing magnet links, fixes #579
2020-02-02 07:08:38 +01:00
El RIDO
3996f82404
relax encoding of slashes just for plaintext display, so links can be detected
2020-02-01 16:30:41 +01:00
El RIDO
cc0920fc09
add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it
2020-02-01 08:46:59 +01:00
El RIDO
91003d6597
Merge remote-tracking branch 'origin/master' into displayEncoding
2020-02-01 07:52:48 +01:00
El RIDO
9a4018bffe
jsverify rngState 8270695ec83abf412d was a false positive, due to incorrect test logic
2020-02-01 07:40:14 +01:00
El RIDO
8a6415ef5f
fixing jsverify rngStates 0220439df7ec68a15b, 015c81b7afd06e4293 & 041e3d57692b08fc4a
2020-01-31 22:42:42 +01:00
Erion
3f8cf1792d
Switch to single quotes.
2020-01-26 18:08:59 +01:00
Erion
f6899785a9
Fix ARIA for Editor/preview tabs.
2020-01-25 18:47:18 +01:00
El RIDO
2d11d7b29e
re-applying sprintf simplification and rephrased jsdoc block
2020-01-25 09:16:14 +01:00
El RIDO
29efc14aa7
Revert "implement simplified translation logic, forcing the use of safe application via jQuery element"
...
This reverts commit 62365880b4
. The unit tests showed that the text2string function completely undid the XSS fix, so it was always unsafe to use it. Also the logic simplifications were smaller then expected.
2020-01-25 09:07:29 +01:00
El RIDO
62365880b4
implement simplified translation logic, forcing the use of safe application via jQuery element
2020-01-25 09:07:06 +01:00
El RIDO
aa3f1206b2
rewriting translations to pass jQuery element where easily possible
2020-01-25 08:13:36 +01:00
El RIDO
42130e0468
prevent potentially non-encoded string from getting returned
2020-01-18 10:53:58 +01:00
El RIDO
685c354d0e
several changes:
...
- added tests for all 4 cases: output to string or into element vs first param contains link or not
- cleaned up logic - skip HTML entity encoding only if we can ensure insertion to text node / when output to string, we always encode
- DOMpurify sanitizes gopher, ws & wss links, which we previosly had tested for
2020-01-18 10:44:35 +01:00
El RIDO
fa9d3037ba
fixing logic & indentation
2020-01-18 07:44:32 +01:00
El RIDO
7b87dc3ca9
cleanup revert
2020-01-18 07:36:43 +01:00
El RIDO
0d08edbe55
Revert "getting rid of htmlEntities (except for tests)" a0740ff79f
2020-01-18 07:30:01 +01:00
El RIDO
cec5cb41d7
Partial revert "Do not double-encode HTML in i18n", only revert the removal of required encoding logic - still has to be moved
...
This reverts commit 01414e43ca
.
2020-01-18 07:20:05 +01:00
El RIDO
76eff6a87a
Revert "[TEST] Try to disallow vulnerable cases" to remove accidentally committed file and statement that breaks the tests
...
This reverts commit ebc2d649c4
.
2020-01-18 07:12:03 +01:00
El RIDO
fd4492f229
ensuring that both critical branches get tested
2020-01-18 07:09:56 +01:00
rugk
eb549d70d1
Invert conatainsLink logic
2020-01-15 17:52:51 +01:00
rugk
ebc2d649c4
[TEST] Try to disallow vulnerable cases
2020-01-13 19:56:15 +01:00
rugk
01414e43ca
Do not double-encode HTML in i18n
...
This issue got introduced in 4bf7f86
due to double
Fixes https://github.com/PrivateBin/PrivateBin/issues/557
Fixes https://github.com/PrivateBin/PrivateBin/issues/558
Also _inverted_ the logic/variable name for containsNoLinks to
the more logical one "containsLinks" to avoid too many negations.
Also verified that the attachment name is stil properly displayed
when you clone a paste.
2020-01-13 19:17:30 +01:00
El RIDO
599264e167
partially address #556 - now comments can only be added after successfull decryption
2020-01-08 19:48:42 +01:00
El RIDO
ed590ee557
incrementing version
2020-01-08 19:31:06 +01:00
El RIDO
ef8943d838
upgrading base-x library to 3.0.7
2020-01-07 20:11:12 +01:00
El RIDO
2fd649db14
upgrading showdown to released 1.9.1 version
2020-01-07 19:58:05 +01:00