george/PrivateBin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

several changes:

Browse Source 
- added tests for all 4 cases: output to string or into element vs first param contains link or not
- cleaned up logic - skip HTML entity encoding only if we can ensure insertion to text node / when output to string, we always encode
- DOMpurify sanitizes gopher, ws & wss links, which we previosly had tested for
This commit is contained in:
El RIDO
2020-01-18 10:44:35 +01:00
parent fa9d3037ba
commit 685c354d0e
6 changed files with 105 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
js/test/AttachmentViewer.js
View File

@@ -88,7 +88,7 @@ describe('AttachmentViewer', function () {
if (prefix.indexOf('<a') === -1 && postfix.indexOf('<a') === -1) {
result = $.PrivateBin.Helper.htmlEntities(prefix + filename + postfix);
} else {
result = $('<div>').html(prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix).html();
result = prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix;
}
if (filename.length) {
results.push(