Chapril/paste.chapril.org-privatebin
Chapril/paste.chapril.org-privatebin
24
0
Fork 0
Code Issues Releases Wiki Activity
3,041 Commits 16 Branches 34 Tags 18 MiB
1.7.0
Commit Graph

118 Commits

Author SHA1 Message Date
El RIDO
4e62e1f6ef address jsverify rngState 87ab3f64de258190c7, fixes #1139 2024-01-08 08:09:29 +01:00
El RIDO
405479642f add YOURLS API samples for extractUrl validation 2024-01-07 17:45:01 +01:00
El RIDO
fd82b937a9 refactor URL generators 2024-01-07 16:06:24 +01:00
El RIDO
d493ba7337 refactor URL generators 2024-01-07 15:47:29 +01:00
El RIDO
37ee3b1c7c refactor URL generators 2024-01-07 14:10:43 +01:00
El RIDO
cc0b6e387a avoid use of bleeding edge function 
only supported in Firefox & Chrome >= 120 & node >= 19.9.0 & 18.17.0
 2024-01-04 23:23:47 +01:00
El RIDO
a80bd4e4ea fix url filter, IDN URL unit test 2024-01-04 23:08:17 +01:00
El RIDO
5c97443d1d
add basic RTL support, drop default language key 2023-09-19 07:29:00 +02:00
El RIDO
7a6f36a789
disable failing part of the test 2022-02-23 06:04:05 +01:00
El RIDO
a0f8a667ae
deprecated functions, fix test partially 2022-02-20 21:07:04 +01:00
El RIDO
77ee40909f
record defaults during initialization, fixes #682 2021-04-05 13:24:53 +02:00
El RIDO
5fd829aa09
adding unit tests for TopNav.resetInput(), triggering bug described in #682 2021-04-05 12:50:23 +02:00
El RIDO
5ec72f1d89
address false positive jsverify RngState 080d2f5b13a86e97c4 2020-10-04 14:08:27 +02:00
El RIDO
cb0faf690c
DOMpurify strips line tabulation characters (\u000b), adresses jsverifyRngState 8f6fbd749c3852ea01 2020-06-07 07:58:07 +02:00
El RIDO
8fcc321eb6
adjust unit tests to new link format 2020-06-07 07:47:28 +02:00
Haocen Xu
65011019b7
Fix urls2links unit test 2020-06-02 09:03:33 -04:00
El RIDO
c63dc3df7b
increase timeout for nyc JS code coverage generator 2020-03-22 06:56:18 +01:00
El RIDO
71c76adac4
addressing false positive jsverify rngState 077c06da821594b3fe 2020-03-06 23:00:48 +01:00
El RIDO
c11dc8e17e
reverting Helper.urls2links() method to old style, applied to element instead of string, allows inserting plain text as text node 2020-03-06 22:18:38 +01:00
El RIDO
8a6dcf910a
Revert "in Helper.urls2links(), encode HTML entities, find and insert links, partially decoding only the href property of it" 
This reverts commit 5340f417e0.
 2020-03-06 20:57:15 +01:00
El RIDO
5340f417e0
in Helper.urls2links(), encode HTML entities, find and insert links, partially decoding only the href property of it 2020-02-29 09:37:54 +01:00
El RIDO
12c83a13c7
addressing false positive jsverify rngState 85f362db8950cea741 2020-02-05 19:06:45 +01:00
El RIDO
bab95cce1b
addressing false positive jsverify rngState 8bf7605ea139db4c28 2020-02-04 18:58:24 +01:00
El RIDO
2cbb8bf3ca
in translation, allow links to be inserted unencoded into href attribute, simplfy sanitation by allowing only <a> tags in DOMpurify for plain text and comments and avoid DOMpurify removing magnet links, fixes #579 2020-02-02 07:08:38 +01:00
El RIDO
cc0920fc09
add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it 2020-02-01 08:46:59 +01:00
El RIDO
9a4018bffe
jsverify rngState 8270695ec83abf412d was a false positive, due to incorrect test logic 2020-02-01 07:40:14 +01:00
El RIDO
8a6415ef5f
fixing jsverify rngStates 0220439df7ec68a15b, 015c81b7afd06e4293 & 041e3d57692b08fc4a 2020-01-31 22:42:42 +01:00
El RIDO
29efc14aa7
Revert "implement simplified translation logic, forcing the use of safe application via jQuery element" 
This reverts commit 62365880b4. The unit tests showed that the text2string function completely undid the XSS fix, so it was always unsafe to use it. Also the logic simplifications were smaller then expected.
 2020-01-25 09:07:29 +01:00
El RIDO
62365880b4
implement simplified translation logic, forcing the use of safe application via jQuery element 2020-01-25 09:07:06 +01:00
El RIDO
685c354d0e
several changes: 
- added tests for all 4 cases: output to string or into element vs first param contains link or not
- cleaned up logic - skip HTML entity encoding only if we can ensure insertion to text node / when output to string, we always encode
- DOMpurify sanitizes gopher, ws & wss links, which we previosly had tested for
 2020-01-18 10:44:35 +01:00
El RIDO
fa9d3037ba
fixing logic & indentation 2020-01-18 07:44:32 +01:00
El RIDO
fd4492f229
ensuring that both critical branches get tested 2020-01-18 07:09:56 +01:00
El RIDO
4bf7f863dc
more general solution addressing #554, kudos @rugk for the suggestions 2020-01-04 13:14:53 +01:00
El RIDO
8d0ac336d2
addressing jsverifyRngState 8b8f0d4ec2a67139b5, fixes HTML injection via filename, closes #554 2019-12-25 09:14:32 +01:00
Haocen Xu
e079f6c830
Implement Email button 2019-10-31 15:07:13 -04:00
El RIDO
e9eeeacdf0
addressing jsverifyRngState 0f5ea3f961827b0c4d 2019-09-19 20:48:05 +02:00
El RIDO
7c61f59dcd
removing untranslated string for non-human entities, moving insecure notice to template, so it can remains translated 2019-09-19 19:14:48 +02:00
El RIDO
4332d0edb0
making legacy.js work even on IE 6 by avoiding jQuery 2019-09-18 07:31:32 +02:00
El RIDO
63426d6f8b
splitting out PrivateBin.InitialCheck class into Legacy.Check and working on making it compatible with IE 11 2019-09-14 09:41:52 +02:00
El RIDO
c2962af4f8
trying different approach to convince codacy about false positive 2019-09-08 09:08:21 +02:00
El RIDO
5471757fa7
making webassembly optional, ensuring retry button works when wrong password is provided 
Tested configurations:
- browser with WASM support (Firefox 68.0.2)
  - creates paste with zlib compression, no password
  - creates paste with zlib compression, with password
  - reads paste with zlib compression, no password
  - reads paste with zlib compression, with password + retry button works
  - reads paste without compression, no password
  - reads paste without compression, with password + retry button works
- browser without WASM support (Chromium 76.0.3809.100, started via `chromium-browser --js-flags=--noexpose_wasm`)
  - creates paste without compression, no password, but shows WASM warning
  - creates paste without compression, with password, but shows WASM warning
  - fails to read paste with zlib compression, no password + shows WASM error
  - fails to read paste with zlib compression, with password + shows WASM error
  - reads paste without compression, no password
  - reads paste without compression, with password + retry button works
 2019-09-08 08:21:54 +02:00
El RIDO
c56d777c11
fixing logic when there are no icons and warning icons, add more test cases 2019-08-28 20:29:23 +02:00
El RIDO
ad570c391a
extend Alert class unit testing 2019-08-28 19:23:58 +02:00
El RIDO
a6aef109cc
making feature detection work as intended in chrome 2019-08-27 23:16:06 +02:00
El RIDO
6fcd82fb85
making the feature detection more robust, let users with no WASM create uncompressed pastes, remove dead & duplicate code 2019-08-27 07:38:27 +02:00
El RIDO
c707c87cac
addressing rngState 0ef2c5e06719a8b43d 2019-06-27 21:37:40 +02:00
El RIDO
2cbf528894
fixing failing unit tests in travisCI 2019-06-27 21:18:46 +02:00
El RIDO
67b9b5f0d8
correcting old browser detection logic, fixes #446 2019-06-27 20:11:22 +02:00
El RIDO
40493dfb3a
simplify logic, adding test cases for all combinations of URLs that are regarded as secure context 2019-06-23 10:38:08 +02:00
El RIDO
d9f27fb004
avoid instability of tests due to Alert callback testing, which can prevent notifications from getting displayed 2019-06-23 09:39:21 +02:00