replacing Base64.js with browser built in's, except for legacy paste support

2018-08-05 08:56:03 +02:00
parent 6f25d651b7
commit c4fc7edc43
7 changed files with 87 additions and 65 deletions
--- a/js/base64-2.4.5.js
+++ b/js/base64-2.4.5.js
@@ -1 +0,0 @@
-(function(global,factory){typeof exports==="object"&&typeof module!=="undefined"?module.exports=factory(global):typeof define==="function"&&define.amd?define(factory):factory(global)})(typeof self!=="undefined"?self:typeof window!=="undefined"?window:typeof global!=="undefined"?global:this,function(global){"use strict";var _Base64=global.Base64;var version="2.4.5";var buffer;if(typeof module!=="undefined"&&module.exports){try{buffer=require("buffer").Buffer}catch(err){}}var b64chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";var b64tab=function(bin){var t={};for(var i=0,l=bin.length;i<l;i++)t[bin.charAt(i)]=i;return t}(b64chars);var fromCharCode=String.fromCharCode;var cb_utob=function(c){if(c.length<2){var cc=c.charCodeAt(0);return cc<128?c:cc<2048?fromCharCode(192|cc>>>6)+fromCharCode(128|cc&63):fromCharCode(224|cc>>>12&15)+fromCharCode(128|cc>>>6&63)+fromCharCode(128|cc&63)}else{var cc=65536+(c.charCodeAt(0)-55296)*1024+(c.charCodeAt(1)-56320);return fromCharCode(240|cc>>>18&7)+fromCharCode(128|cc>>>12&63)+fromCharCode(128|cc>>>6&63)+fromCharCode(128|cc&63)}};var re_utob=/[\uD800-\uDBFF][\uDC00-\uDFFFF]|[^\x00-\x7F]/g;var utob=function(u){return u.replace(re_utob,cb_utob)};var cb_encode=function(ccc){var padlen=[0,2,1][ccc.length%3],ord=ccc.charCodeAt(0)<<16|(ccc.length>1?ccc.charCodeAt(1):0)<<8|(ccc.length>2?ccc.charCodeAt(2):0),chars=[b64chars.charAt(ord>>>18),b64chars.charAt(ord>>>12&63),padlen>=2?"=":b64chars.charAt(ord>>>6&63),padlen>=1?"=":b64chars.charAt(ord&63)];return chars.join("")};var btoa=global.btoa?function(b){return global.btoa(b)}:function(b){return b.replace(/[\s\S]{1,3}/g,cb_encode)};var _encode=buffer?buffer.from&&Uint8Array&&buffer.from!==Uint8Array.from?function(u){return(u.constructor===buffer.constructor?u:buffer.from(u)).toString("base64")}:function(u){return(u.constructor===buffer.constructor?u:new buffer(u)).toString("base64")}:function(u){return btoa(utob(u))};var encode=function(u,urisafe){return!urisafe?_encode(String(u)):_encode(String(u)).replace(/[+\/]/g,function(m0){return m0=="+"?"-":"_"}).replace(/=/g,"")};var encodeURI=function(u){return encode(u,true)};var re_btou=new RegExp(["[À-ß][-¿]","[à-ï][-¿]{2}","[ð-÷][-¿]{3}"].join("|"),"g");var cb_btou=function(cccc){switch(cccc.length){case 4:var cp=(7&cccc.charCodeAt(0))<<18|(63&cccc.charCodeAt(1))<<12|(63&cccc.charCodeAt(2))<<6|63&cccc.charCodeAt(3),offset=cp-65536;return fromCharCode((offset>>>10)+55296)+fromCharCode((offset&1023)+56320);case 3:return fromCharCode((15&cccc.charCodeAt(0))<<12|(63&cccc.charCodeAt(1))<<6|63&cccc.charCodeAt(2));default:return fromCharCode((31&cccc.charCodeAt(0))<<6|63&cccc.charCodeAt(1))}};var btou=function(b){return b.replace(re_btou,cb_btou)};var cb_decode=function(cccc){var len=cccc.length,padlen=len%4,n=(len>0?b64tab[cccc.charAt(0)]<<18:0)|(len>1?b64tab[cccc.charAt(1)]<<12:0)|(len>2?b64tab[cccc.charAt(2)]<<6:0)|(len>3?b64tab[cccc.charAt(3)]:0),chars=[fromCharCode(n>>>16),fromCharCode(n>>>8&255),fromCharCode(n&255)];chars.length-=[0,0,2,1][padlen];return chars.join("")};var atob=global.atob?function(a){return global.atob(a)}:function(a){return a.replace(/[\s\S]{1,4}/g,cb_decode)};var _decode=buffer?buffer.from&&Uint8Array&&buffer.from!==Uint8Array.from?function(a){return(a.constructor===buffer.constructor?a:buffer.from(a,"base64")).toString()}:function(a){return(a.constructor===buffer.constructor?a:new buffer(a,"base64")).toString()}:function(a){return btou(atob(a))};var decode=function(a){return _decode(String(a).replace(/[-_]/g,function(m0){return m0=="-"?"+":"/"}).replace(/[^A-Za-z0-9\+\/]/g,""))};var noConflict=function(){var Base64=global.Base64;global.Base64=_Base64;return Base64};global.Base64={VERSION:version,atob:atob,btoa:btoa,fromBase64:decode,toBase64:encode,utob:utob,encode:encode,encodeURI:encodeURI,btou:btou,decode:decode,noConflict:noConflict};if(typeof Object.defineProperty==="function"){var noEnum=function(v){return{value:v,enumerable:false,writable:true,configurable:true}};global.Base64.extendString=function(){Object.defineProperty(String.prototype,"fromBase64",noEnum(function(){return decode(this)}));Object.defineProperty(String.prototype,"toBase64",noEnum(function(urisafe){return encode(this,urisafe)}));Object.defineProperty(String.prototype,"toBase64URI",noEnum(function(){return encode(this,true)}))}}if(global["Meteor"]){Base64=global.Base64}if(typeof module!=="undefined"&&module.exports){module.exports.Base64=global.Base64}else if(typeof define==="function"&&define.amd){define([],function(){return global.Base64})}return{Base64:global.Base64}});
--- a/js/common.js
+++ b/js/common.js
@@ -10,7 +10,6 @@ global.fs = require('fs');
 // application libraries to test
 global.$ = global.jQuery = require('./jquery-3.3.1');
 global.sjcl = require('./sjcl-1.0.7');
-global.Base64 = require('./base64-2.4.5').Base64;
 global.RawDeflate = require('./rawdeflate-0.5').RawDeflate;
 global.RawDeflate.inflate = require('./rawinflate-0.3').RawDeflate.inflate;
 require('./prettify');
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -30,7 +30,7 @@ jQuery(document).ready(function() {
    $.PrivateBin.Controller.init();
 });

-jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
+jQuery.PrivateBin = (function($, sjcl, RawDeflate) {
    'use strict';

    /**
@@ -527,7 +527,54 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
        var me = {};

        /**
-         * compress a message (deflate compression), returns base64 encoded data
+         * convert DOMString (UTF-16) to a UTF-8 string stored in a DOMString
+         *
+         * URI encodes the message, then finds the percent encoded characters
+         * and transforms these hexadecimal representation back into bytes
+         *
+         * @name   CryptTool.utob
+         * @function
+         * @private
+         * @param  {string} message UTF-16 string
+         * @return {string} UTF-8 string
+         */
+        function utob(message)
+        {
+            return encodeURIComponent(message).replace(
+                /%([0-9A-F]{2})/g,
+                function (match, hexCharacter)
+                {
+                    return String.fromCharCode('0x' + hexCharacter);
+                }
+            );
+        }
+
+        /**
+         * convert UTF-8 string stored in a DOMString to a standard UTF-16 DOMString
+         *
+         * Iterates over the bytes of the message, converting them all hexadecimal
+         * percent encoded representations, then URI decodes them all
+         *
+         * @name   CryptTool.btou
+         * @function
+         * @private
+         * @param  {string} message UTF-8 string
+         * @return {string} UTF-16 string
+         */
+        function btou(message)
+        {
+            return decodeURIComponent(
+                message.split('').map(
+                    function(character)
+                    {
+                        return '%' + ('00' + character.charCodeAt(0).toString(16)).slice(-2);
+                    }
+                ).join('')
+            );
+        }
+
+        /**
+         * compress a string, returns base64 encoded data (deflate compression)
         *
         * @name   CryptTool.compress
         * @function
@@ -537,21 +584,31 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
         */
        function compress(message)
        {
-            return Base64.toBase64( RawDeflate.deflate( Base64.utob(message) ) );
+            // detect presence of Base64.js, indicating legacy ZeroBin paste
+            if (typeof Base64 === 'undefined') {
+                return btoa( utob( RawDeflate.deflate( utob( message ) ) ) );
+            } else {
+                return Base64.toBase64( RawDeflate.deflate( Base64.utob( message ) ) );
+            }
        }

        /**
-         * decompress a message compressed with cryptToolcompress()
+         * decompress a base64 encoded data (deflate compression), returns string
         *
         * @name   CryptTool.decompress
         * @function
         * @private
-         * @param  {string} data - base64 data
+         * @param  {string} data base64 data
         * @return {string} message
         */
        function decompress(data)
        {
-            return Base64.btou( RawDeflate.inflate( Base64.fromBase64(data) ) );
+            // detect presence of Base64.js, indicating legacy ZeroBin paste
+            if (typeof Base64 === 'undefined') {
+                return btou( RawDeflate.inflate( btou( atob( data ) ) ) );
+            } else {
+                return Base64.btou( RawDeflate.inflate( Base64.fromBase64( data ) ) );
+            }
        }

        /**
@@ -624,10 +681,15 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
                typeof window !== 'undefined' &&
                typeof Uint8Array !== 'undefined' &&
                String.fromCodePoint &&
-                (crypto = window.crypto || window.msCrypto)
+                (
+                    typeof window.crypto !== 'undefined' ||
+                    typeof window.msCrypto !== 'undefined'
+                )
            ) {
                // modern browser environment
-                var bytes = '', byteArray = new Uint8Array(32);
+                var bytes = '',
+                    byteArray = new Uint8Array(32),
+                    crypto = window.crypto || window.msCrypto;
                crypto.getRandomValues(byteArray);
                for (var i = 0; i < 32; ++i) {
                    bytes += String.fromCharCode(byteArray[i]);
@@ -4386,4 +4448,4 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
        PasteDecrypter: PasteDecrypter,
        Controller: Controller
    };
-})(jQuery, sjcl, Base64, RawDeflate);
+})(jQuery, sjcl, RawDeflate);
--- a/js/test/CryptTool.js
+++ b/js/test/CryptTool.js
@@ -24,8 +24,13 @@ describe('CryptTool', function () {
        // The below static unit tests are included to ensure deciphering of "classic"
        // SJCL based pastes still works
        it(
-            'supports PrivateBin v1 ciphertext (SJCL & Base64)',
+            'supports PrivateBin v1 ciphertext (SJCL & browser atob)',
            function () {
+                delete global.Base64;
+                // make btoa available
+                jsdom();
+                global.btoa = window.btoa;
+
                // Of course you can easily decipher the following texts, if you like.
                // Bonus points for finding their sources and hidden meanings.
                var paste1 = $.PrivateBin.CryptTool.decipher(
@@ -97,11 +102,7 @@ describe('CryptTool', function () {
        it(
            'supports ZeroBin ciphertext (SJCL & Base64 1.7)',
            function () {
-                var newBase64 = global.Base64;
                global.Base64 = require('../base64-1.7').Base64;
-                jsdom();
-                delete require.cache[require.resolve('../privatebin')];
-                require('../privatebin');

                // Of course you can easily decipher the following texts, if you like.
                // Bonus points for finding their sources and hidden meanings.
@@ -149,10 +150,7 @@ describe('CryptTool', function () {
                    'QbuspOKrBvMfN5igA1kBqasnxI472KBNXsdZnaDddSVUuvhTcETM="}'
                );

-                global.Base64 = newBase64;
-                jsdom();
-                delete require.cache[require.resolve('../privatebin')];
-                require('../privatebin');
+                delete global.Base64;
                assert.ok(
                    paste1.includes('securely packed in iron') &&
                    paste2.includes('Sol is right')
@@ -177,18 +175,20 @@ describe('CryptTool', function () {
        );
    });

-    describe('Base64.js vs SJCL.js vs abab.js', function () {
+    describe('SJCL.js vs abab.js', function () {
        jsc.property(
            'these all return the same base64 string',
            'string',
            function(string) {
-                var base64 = Base64.toBase64(string),
+                // make btoa/atob available
+                jsdom();
+                // not comparing Base64.js v1.7 encode/decode, that has known issues
+                var Base64 = require('../base64-1.7').Base64,
                    sjcl = global.sjcl.codec.base64.fromBits(global.sjcl.codec.utf8String.toBits(string)),
                    abab = window.btoa(Base64.utob(string)),
-                    esab46 = Base64.fromBase64(sjcl),
                    lcjs = global.sjcl.codec.utf8String.fromBits(global.sjcl.codec.base64.toBits(abab)),
-                    baba = Base64.btou(window.atob(base64));
-                return base64 === sjcl && sjcl === abab && string === esab46 && esab46 === lcjs && lcjs === baba;
+                    baba = Base64.btou(window.atob(sjcl));
+                return sjcl === abab && string === lcjs && lcjs === baba;
            }
        );
    });
				`@@ -1 +0,0 @@`
				(function(global,factory){typeof exports==="object"&&typeof module!=="undefined"?module.exports=factory(global):typeof define==="function"&&define.amd?define(factory):factory(global)})(typeof self!=="undefined"?self:typeof window!=="undefined"?window:typeof global!=="undefined"?global:this,function(global){"use strict";var _Base64=global.Base64;var version="2.4.5";var buffer;if(typeof module!=="undefined"&&module.exports){try{buffer=require("buffer").Buffer}catch(err){}}var b64chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";var b64tab=function(bin){var t={};for(var i=0,l=bin.length;i<l;i++)t[bin.charAt(i)]=i;return t}(b64chars);var fromCharCode=String.fromCharCode;var cb_utob=function(c){if(c.length<2){var cc=c.charCodeAt(0);return cc<128?c:cc<2048?fromCharCode(192\|cc>>>6)+fromCharCode(128\|cc&63):fromCharCode(224\|cc>>>12&15)+fromCharCode(128\|cc>>>6&63)+fromCharCode(128\|cc&63)}else{var cc=65536+(c.charCodeAt(0)-55296)*1024+(c.charCodeAt(1)-56320);return fromCharCode(240\|cc>>>18&7)+fromCharCode(128\|cc>>>12&63)+fromCharCode(128\|cc>>>6&63)+fromCharCode(128\|cc&63)}};var re_utob=/[\uD800-\uDBFF][\uDC00-\uDFFFF]\|[^\x00-\x7F]/g;var utob=function(u){return u.replace(re_utob,cb_utob)};var cb_encode=function(ccc){var padlen=[0,2,1][ccc.length%3],ord=ccc.charCodeAt(0)<<16\|(ccc.length>1?ccc.charCodeAt(1):0)<<8\|(ccc.length>2?ccc.charCodeAt(2):0),chars=[b64chars.charAt(ord>>>18),b64chars.charAt(ord>>>12&63),padlen>=2?"=":b64chars.charAt(ord>>>6&63),padlen>=1?"=":b64chars.charAt(ord&63)];return chars.join("")};var btoa=global.btoa?function(b){return global.btoa(b)}:function(b){return b.replace(/[\s\S]{1,3}/g,cb_encode)};var _encode=buffer?buffer.from&&Uint8Array&&buffer.from!==Uint8Array.from?function(u){return(u.constructor===buffer.constructor?u:buffer.from(u)).toString("base64")}:function(u){return(u.constructor===buffer.constructor?u:new buffer(u)).toString("base64")}:function(u){return btoa(utob(u))};var encode=function(u,urisafe){return!urisafe?_encode(String(u)):_encode(String(u)).replace(/[+\/]/g,function(m0){return m0=="+"?"-":"_"}).replace(/=/g,"")};var encodeURI=function(u){return encode(u,true)};var re_btou=new RegExp(["[À-ß][-¿]","[à-ï][-¿]{2}","[ð-÷][-¿]{3}"].join("\|"),"g");var cb_btou=function(cccc){switch(cccc.length){case 4:var cp=(7&cccc.charCodeAt(0))<<18\|(63&cccc.charCodeAt(1))<<12\|(63&cccc.charCodeAt(2))<<6\|63&cccc.charCodeAt(3),offset=cp-65536;return fromCharCode((offset>>>10)+55296)+fromCharCode((offset&1023)+56320);case 3:return fromCharCode((15&cccc.charCodeAt(0))<<12\|(63&cccc.charCodeAt(1))<<6\|63&cccc.charCodeAt(2));default:return fromCharCode((31&cccc.charCodeAt(0))<<6\|63&cccc.charCodeAt(1))}};var btou=function(b){return b.replace(re_btou,cb_btou)};var cb_decode=function(cccc){var len=cccc.length,padlen=len%4,n=(len>0?b64tab[cccc.charAt(0)]<<18:0)\|(len>1?b64tab[cccc.charAt(1)]<<12:0)\|(len>2?b64tab[cccc.charAt(2)]<<6:0)\|(len>3?b64tab[cccc.charAt(3)]:0),chars=[fromCharCode(n>>>16),fromCharCode(n>>>8&255),fromCharCode(n&255)];chars.length-=[0,0,2,1][padlen];return chars.join("")};var atob=global.atob?function(a){return global.atob(a)}:function(a){return a.replace(/[\s\S]{1,4}/g,cb_decode)};var _decode=buffer?buffer.from&&Uint8Array&&buffer.from!==Uint8Array.from?function(a){return(a.constructor===buffer.constructor?a:buffer.from(a,"base64")).toString()}:function(a){return(a.constructor===buffer.constructor?a:new buffer(a,"base64")).toString()}:function(a){return btou(atob(a))};var decode=function(a){return _decode(String(a).replace(/[-_]/g,function(m0){return m0=="-"?"+":"/"}).replace(/[^A-Za-z0-9\+\/]/g,""))};var noConflict=function(){var Base64=global.Base64;global.Base64=_Base64;return Base64};global.Base64={VERSION:version,atob:atob,btoa:btoa,fromBase64:decode,toBase64:encode,utob:utob,encode:encode,encodeURI:encodeURI,btou:btou,decode:decode,noConflict:noConflict};if(typeof Object.defineProperty==="function"){var noEnum=function(v){return{value:v,enumerable:false,writable:true,configurable:true}};global.Base64.extendString=function(){Object.defineProperty(String.prototype,"fromBase64",noEnum(function(){return decode(this)}));Object.defineProperty(String.prototype,"toBase64",noEnum(function(urisafe){return encode(this,urisafe)}));Object.defineProperty(String.prototype,"toBase64URI",noEnum(function(){return encode(this,true)}))}}if(global["Meteor"]){Base64=global.Base64}if(typeof module!=="undefined"&&module.exports){module.exports.Base64=global.Base64}else if(typeof define==="function"&&define.amd){define([],function(){return global.Base64})}return{Base64:global.Base64}});