george/PrivateBin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

reverting escaping just for Markdown formatting, as discussed in #269

Browse Source
This commit is contained in:
El RIDO
2018-01-03 21:18:33 +01:00
parent a95701bba8
commit 5e070db6a1
4 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
js/privatebin.js
View File

@@ -1700,8 +1700,11 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
return;
}
// set sanitized and linked text
var sanitizedLinkedText = DOMPurify.sanitize(Helper.urls2links(text));
// escape HTML entities, link URLs, sanitize
var escapedLinkedText = Helper.urls2links(
$('<div />').text(text).html()
),
sanitizedLinkedText = DOMPurify.sanitize(escapedLinkedText);
$plainText.html(sanitizedLinkedText);
$prettyPrint.html(sanitizedLinkedText);
@@ -1728,7 +1731,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
$prettyPrint.html(
DOMPurify.sanitize(
prettyPrintOne(Helper.urls2links(text), null, true)
prettyPrintOne(escapedLinkedText, null, true)
)
);
// fall through, as the rest is the same
@@ -1824,8 +1827,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
*/
me.setText = function(newText)
{
// escape HTML entities
newText = $('<div />').text(newText).html();
if (text !== newText) {
text = newText;
isChanged = true;

2
js/test/PasteViewer.js
View File

@@ -48,7 +48,7 @@ describe('PasteViewer', function () {
results.push(
$('#placeholder').hasClass('hidden') &&
!$.PrivateBin.PasteViewer.isPrettyPrinted() &&
$.PrivateBin.PasteViewer.getText() == $('<div />').text(text).html()
$.PrivateBin.PasteViewer.getText() == text
);
if (format == 'markdown') {
results.push(