El RIDO
2cbb8bf3ca
in translation, allow links to be inserted unencoded into href attribute, simplfy sanitation by allowing only <a> tags in DOMpurify for plain text and comments and avoid DOMpurify removing magnet links, fixes #579
2020-02-02 07:08:38 +01:00
El RIDO
3996f82404
relax encoding of slashes just for plaintext display, so links can be detected
2020-02-01 16:30:41 +01:00
El RIDO
d7fd6667fd
Merge branch 'displayEncoding2'
2020-02-01 16:16:05 +01:00
El RIDO
21ca30af3c
apply StyleCI recommendation
2020-02-01 09:39:14 +01:00
El RIDO
1b206e8495
ensuring consistent use of php side encoding, testing all encoding cases, correctly report the language in the <html> tag
2020-02-01 09:15:14 +01:00
El RIDO
cc0920fc09
add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it
2020-02-01 08:46:59 +01:00
El RIDO
428ea2f34e
adding test that expects parameters of php translation to get HTML entities to get encoded
2020-02-01 08:09:30 +01:00
El RIDO
f940f17bba
Merge branch 'displayEncoding'
2020-02-01 07:53:32 +01:00
El RIDO
91003d6597
Merge remote-tracking branch 'origin/master' into displayEncoding
2020-02-01 07:52:48 +01:00
El RIDO
9a4018bffe
jsverify rngState 8270695ec83abf412d was a false positive, due to incorrect test logic
2020-02-01 07:40:14 +01:00
El RIDO
8a6415ef5f
fixing jsverify rngStates 0220439df7ec68a15b, 015c81b7afd06e4293 & 041e3d57692b08fc4a
2020-01-31 22:42:42 +01:00
El RIDO
b674c187a0
Merge pull request #578 from imtms/master
...
Update Chinese translation.
2020-01-31 21:34:34 +01:00
R4SAS
665192e27e
Merge pull request #580 from mkromar/footer-link-fix-sl
...
Fixed info link in page footer of sl translation.
2020-01-31 19:02:31 +00:00
mkromar
b4256a986a
Fixed info link in page footer of sl translation.
2020-01-31 19:47:24 +00:00
TMs
13b30608cb
Update Chinese translation.
2020-01-31 12:36:02 +08:00
El RIDO
a86dd35ac3
Merge pull request #574 from PrivateBin/rugk-php-runner
...
Test PHP Composer runner of GitHub
2020-01-29 13:06:40 +01:00
rugk
19d0cace13
Merge branch 'readmeupdate'
2020-01-27 21:13:47 +01:00
rugk
d0589e77d4
Feature FAQ link in Readme & remove legacy things
...
* remove old ZeroBin 0.19 guide, this is so old already, few people will benefit from a direct link in the Readme. It stays in the wiki for those, who need it.
* add direct link to the FAQ - it's one of our best documentation/sources, so it's a shame it is not featured more prominently 😉
2020-01-27 15:28:40 +01:00
rugk
271c954f9a
Test PHP Composer runner of GitHub
...
GitHub has these new CI/CD features, so let's test whether this makes sense.
I guess this PHP thing just installs the project via composer… 🤔
2020-01-26 23:25:24 +01:00
Erion
3f8cf1792d
Switch to single quotes.
2020-01-26 18:08:59 +01:00
Erion
f6899785a9
Fix ARIA for Editor/preview tabs.
2020-01-25 18:47:18 +01:00
El RIDO
2d11d7b29e
re-applying sprintf simplification and rephrased jsdoc block
2020-01-25 09:16:14 +01:00
El RIDO
29efc14aa7
Revert "implement simplified translation logic, forcing the use of safe application via jQuery element"
...
This reverts commit 62365880b4
. The unit tests showed that the text2string function completely undid the XSS fix, so it was always unsafe to use it. Also the logic simplifications were smaller then expected.
2020-01-25 09:07:29 +01:00
El RIDO
62365880b4
implement simplified translation logic, forcing the use of safe application via jQuery element
2020-01-25 09:07:06 +01:00
El RIDO
aa3f1206b2
rewriting translations to pass jQuery element where easily possible
2020-01-25 08:13:36 +01:00
El RIDO
b160e5d1f8
Merge branch 'tupaschoal-translate-pt'
2020-01-22 20:15:20 +01:00
Tulio Leao
56ad0273e4
Update pt translation
2020-01-21 22:47:17 -03:00
El RIDO
83c29165ad
Merge branch 'ensag-dev-master'
2020-01-21 19:02:05 +01:00
ensag-dev
39ee46caee
Update for e-mail function
2020-01-21 08:11:16 +00:00
ensag-dev
774fea9230
Small corrections
2020-01-21 08:05:17 +00:00
El RIDO
1d8b0d6189
Merge branch 'rylebrun-mail_fr_translation'
2020-01-20 19:39:13 +01:00
El RIDO
72e96c7147
german translation of send to mail messages
2020-01-20 19:38:52 +01:00
El RIDO
1ae4f4f0fc
updating all languages with missing translation, addresses failing unit test in previous commit
2020-01-20 19:24:28 +01:00
rylebrun
28c387074f
Add mail fr translation for buttons
2020-01-20 12:11:03 +01:00
rylebrun
3993b47e06
Add mail fr translation
2020-01-20 12:03:11 +01:00
El RIDO
42130e0468
prevent potentially non-encoded string from getting returned
2020-01-18 10:53:58 +01:00
El RIDO
685c354d0e
several changes:
...
- added tests for all 4 cases: output to string or into element vs first param contains link or not
- cleaned up logic - skip HTML entity encoding only if we can ensure insertion to text node / when output to string, we always encode
- DOMpurify sanitizes gopher, ws & wss links, which we previosly had tested for
2020-01-18 10:44:35 +01:00
El RIDO
fa9d3037ba
fixing logic & indentation
2020-01-18 07:44:32 +01:00
El RIDO
7b87dc3ca9
cleanup revert
2020-01-18 07:36:43 +01:00
El RIDO
0d08edbe55
Revert "getting rid of htmlEntities (except for tests)" a0740ff79f
2020-01-18 07:30:01 +01:00
El RIDO
cec5cb41d7
Partial revert "Do not double-encode HTML in i18n", only revert the removal of required encoding logic - still has to be moved
...
This reverts commit 01414e43ca
.
2020-01-18 07:20:05 +01:00
El RIDO
76eff6a87a
Revert "[TEST] Try to disallow vulnerable cases" to remove accidentally committed file and statement that breaks the tests
...
This reverts commit ebc2d649c4
.
2020-01-18 07:12:03 +01:00
El RIDO
fd4492f229
ensuring that both critical branches get tested
2020-01-18 07:09:56 +01:00
El RIDO
5daba16333
Merge branch 'ensag-dev-master'
2020-01-16 05:28:17 +01:00
rugk
eb549d70d1
Invert conatainsLink logic
2020-01-15 17:52:51 +01:00
ensag-dev
9f6c02276a
Update Occitan translation
2020-01-14 16:24:53 +01:00
rugk
ebc2d649c4
[TEST] Try to disallow vulnerable cases
2020-01-13 19:56:15 +01:00
rugk
01414e43ca
Do not double-encode HTML in i18n
...
This issue got introduced in 4bf7f86
due to double
Fixes https://github.com/PrivateBin/PrivateBin/issues/557
Fixes https://github.com/PrivateBin/PrivateBin/issues/558
Also _inverted_ the logic/variable name for containsNoLinks to
the more logical one "containsLinks" to avoid too many negations.
Also verified that the attachment name is stil properly displayed
when you clone a paste.
2020-01-13 19:17:30 +01:00
El RIDO
9aac073a49
clarifying for #525 that none is a string, as PHP might evaluate it to NULL instead
2020-01-09 05:42:42 +01:00
El RIDO
599264e167
partially address #556 - now comments can only be added after successfull decryption
2020-01-08 19:48:42 +01:00