george/PrivateBin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixing jsverify rngStates 0220439df7ec68a15b, 015c81b7afd06e4293 & 041e3d57692b08fc4a

Browse Source
This commit is contained in:
El RIDO
2020-01-31 22:42:42 +01:00
parent 2d11d7b29e
commit 8a6415ef5f
5 changed files with 17 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
js/privatebin.js
View File

@@ -630,7 +630,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
let containsLinks = args[0].indexOf('<a') !== -1;
// prevent double encoding, when we insert into a text node
if (!containsLinks || $element === null) {
if (containsLinks || $element === null) {
for (let i = 0; i < args.length; ++i) {
// parameters (i > 0) may never contain HTML as they may come from untrusted parties
if (i > 0 || !containsLinks) {
@@ -657,7 +657,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
$element.html(output);
} else {
// text node takes care of entity encoding
$element.text(output);
$element.text(output);
}
return '';
}

2
js/test/AttachmentViewer.js
View File

@@ -86,7 +86,7 @@ describe('AttachmentViewer', function () {
$.PrivateBin.AttachmentViewer.moveAttachmentTo(element, prefix + '%s' + postfix);
// messageIDs with links get a relaxed treatment
if (prefix.indexOf('<a') === -1 && postfix.indexOf('<a') === -1) {
result = $.PrivateBin.Helper.htmlEntities(prefix + filename + postfix);
result = $('<textarea>').text((prefix + filename + postfix)).text();
} else {
result = prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix;
}

23
js/test/I18n.js
View File

@@ -89,19 +89,20 @@ describe('I18n', function () {
prefix = prefix.replace(/%(s|d)/g, '%%');
params[0] = params[0].replace(/%(s|d)/g, '%%').replace(/<a/g, '');
postfix = postfix.replace(/%(s|d)/g, '%%');
const translation = $.PrivateBin.Helper.htmlEntities(prefix + params[0] + postfix);
params.unshift(prefix + '%s' + postfix);
const translation = $('<textarea>').text((prefix + params[0] + postfix)).text();
let args = Array.prototype.slice.call(params);
args.unshift(prefix + '%s' + postfix);
let clean = jsdom();
$('body').html('<div id="i18n"></div>');
params.unshift($('#i18n'));
$.PrivateBin.I18n.translate.apply(this, params);
args.unshift($('#i18n'));
$.PrivateBin.I18n.translate.apply(this, args);
const result = $('#i18n').text();
$.PrivateBin.I18n.reset();
clean();
clean = jsdom();
$('body').html('<div id="i18n"></div>');
params[0] = $('#i18n');
$.PrivateBin.I18n._.apply(this, params);
args[0] = $('#i18n');
$.PrivateBin.I18n._.apply(this, args);
const alias = $('#i18n').text();
$.PrivateBin.I18n.reset();
clean();
@@ -114,15 +115,15 @@ describe('I18n', function () {
'(small nearray) string',
'string',
function (prefix, params, postfix) {
prefix = prefix.replace(/%(s|d)/g, '%%');
params[0] = params[0].replace(/%(s|d)/g, '%%');
postfix = postfix.replace(/%(s|d)/g, '%%');
const translation = $('<div>').html(DOMPurify.sanitize(
prefix = prefix.replace(/%(s|d)/g, '%%').trim();
params[0] = params[0].replace(/%(s|d)/g, '%%').trim();
postfix = postfix.replace(/%(s|d)/g, '%%').trim();
const translation = DOMPurify.sanitize(
prefix + $.PrivateBin.Helper.htmlEntities(params[0]) + '<a></a>' + postfix, {
ALLOWED_TAGS: ['a', 'br', 'i', 'span'],
ALLOWED_ATTR: ['href', 'id']
}
)).html();
);
let args = Array.prototype.slice.call(params);
args.unshift(prefix + '%s<a></a>' + postfix);
let clean = jsdom();