Commit Graph

97 Commits

Author SHA1 Message Date
El RIDO
12c83a13c7 addressing false positive jsverify rngState 85f362db8950cea741 2020-02-05 19:06:45 +01:00
El RIDO
bab95cce1b addressing false positive jsverify rngState 8bf7605ea139db4c28 2020-02-04 18:58:24 +01:00
El RIDO
2cbb8bf3ca in translation, allow links to be inserted unencoded into href attribute, simplify sanitation by allowing only <a> tags in DOMpurify for plain text and comments and avoid DOMpurify removing magnet links, fixes #579 2020-02-02 07:08:38 +01:00
El RIDO
cc0920fc09 add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it 2020-02-01 08:46:59 +01:00
El RIDO
9a4018bffe jsverify rngState 8270695ec83abf412d was a false positive, due to incorrect test logic 2020-02-01 07:40:14 +01:00
El RIDO
8a6415ef5f fixing jsverify rngStates 0220439df7ec68a15b, 015c81b7afd06e4293 & 041e3d57692b08fc4a 2020-01-31 22:42:42 +01:00
El RIDO
29efc14aa7 Revert "implement simplified translation logic, forcing the use of safe application via jQuery element"
This reverts commit 62365880b4. The unit tests showed that the text2string function completely undid the XSS fix, so it was always unsafe to use it. Also the logic simplifications were smaller than expected.
2020-01-25 09:07:29 +01:00
El RIDO
62365880b4 implement simplified translation logic, forcing the use of safe application via jQuery element 2020-01-25 09:07:06 +01:00
El RIDO
685c354d0e several changes:
- added tests for all 4 cases: output to string or into element vs first param contains link or not
- cleaned up logic - skip HTML entity encoding only if we can ensure insertion to text node / when output to string, we always encode
- DOMpurify sanitizes gopher, ws & wss links, which we previously had tested for
2020-01-18 10:44:35 +01:00
El RIDO
fa9d3037ba fixing logic & indentation 2020-01-18 07:44:32 +01:00
El RIDO
fd4492f229 ensuring that both critical branches get tested 2020-01-18 07:09:56 +01:00
El RIDO
4bf7f863dc more general solution addressing #554, kudos @rugk for the suggestions 2020-01-04 13:14:53 +01:00
El RIDO
8d0ac336d2 addressing jsverifyRngState 8b8f0d4ec2a67139b5, fixes HTML injection via filename, closes #554 2019-12-25 09:14:32 +01:00
Haocen Xu
e079f6c830 Implement Email button 2019-10-31 15:07:13 -04:00
El RIDO
e9eeeacdf0 addressing jsverifyRngState 0f5ea3f961827b0c4d 2019-09-19 20:48:05 +02:00
El RIDO
7c61f59dcd removing untranslated string for non-human entities, moving insecure notice to template, so it can remain translated 2019-09-19 19:14:48 +02:00
El RIDO
4332d0edb0 making legacy.js work even on IE 6 by avoiding jQuery 2019-09-18 07:31:32 +02:00
El RIDO
63426d6f8b splitting out PrivateBin.InitialCheck class into Legacy.Check and working on making it compatible with IE 11 2019-09-14 09:41:52 +02:00
El RIDO
c2962af4f8 trying different approach to convince codacy about false positive 2019-09-08 09:08:21 +02:00
El RIDO
5471757fa7 making webassembly optional, ensuring retry button works when wrong password is provided
Tested configurations:
- browser with WASM support (Firefox 68.0.2)
  - creates paste with zlib compression, no password
  - creates paste with zlib compression, with password
  - reads paste with zlib compression, no password
  - reads paste with zlib compression, with password + retry button works
  - reads paste without compression, no password
  - reads paste without compression, with password + retry button works
- browser without WASM support (Chromium 76.0.3809.100, started via `chromium-browser --js-flags=--noexpose_wasm`)
  - creates paste without compression, no password, but shows WASM warning
  - creates paste without compression, with password, but shows WASM warning
  - fails to read paste with zlib compression, no password + shows WASM error
  - fails to read paste with zlib compression, with password + shows WASM error
  - reads paste without compression, no password
  - reads paste without compression, with password + retry button works
2019-09-08 08:21:54 +02:00
El RIDO
c56d777c11 fixing logic when there are no icons and warning icons, add more test cases 2019-08-28 20:29:23 +02:00
El RIDO
ad570c391a extend Alert class unit testing 2019-08-28 19:23:58 +02:00
El RIDO
a6aef109cc making feature detection work as intended in chrome 2019-08-27 23:16:06 +02:00
El RIDO
6fcd82fb85 making the feature detection more robust, let users with no WASM create uncompressed pastes, remove dead & duplicate code 2019-08-27 07:38:27 +02:00
El RIDO
c707c87cac addressing rngState 0ef2c5e06719a8b43d 2019-06-27 21:37:40 +02:00
El RIDO
2cbf528894 fixing failing unit tests in travisCI 2019-06-27 21:18:46 +02:00
El RIDO
67b9b5f0d8 correcting old browser detection logic, fixes #446 2019-06-27 20:11:22 +02:00
El RIDO
40493dfb3a simplify logic, adding test cases for all combinations of URLs that are regarded as secure context 2019-06-23 10:38:08 +02:00
El RIDO
d9f27fb004 avoid instability of tests due to Alert callback testing, which can prevent notifications from getting displayed 2019-06-23 09:39:21 +02:00
El RIDO
603f7fd911 adding tests for all cases 2019-06-22 15:44:54 +02:00
El RIDO
59153633b8 adding test for bot UAs 2019-06-22 09:12:31 +02:00
El RIDO
50cc6995e0 making use of the URL object in the existing tests 2019-06-20 22:30:49 +02:00
El RIDO
6cf52f4cf3 mocking window.URL.createObjectURL to have tests working with blob URLs 2019-06-15 08:56:47 +02:00
El RIDO
c4b84b2b6b extract version logic into paste & comment classes 2019-05-25 13:20:39 +02:00
El RIDO
353d08daf6 handle regression due to base58 stripping NULL bytes, discovered via JSVerify RNG state 0dec6b2a5f04d19873 2019-05-19 09:54:40 +02:00
El RIDO
8fd3e680e4 base58 will left trim NULL bytes, handling JSVerify RNG state 0dec6b2a5f04d19873 2019-05-19 09:05:56 +02:00
El RIDO
86b4e0e7a4 revert autoformatting applied by IDE 2019-05-19 08:43:07 +02:00
El RIDO
3b0ab7e99f fixing regression handling v1 key format (un-decoded base64) 2019-05-19 08:36:18 +02:00
El RIDO
0e71211fad v2 paste can successfully en- and decrypt the particular message, fixes #260 2019-05-19 08:25:34 +02:00
El RIDO
7111e38898 Merge branch 'empty-paste' into webcrypto 2019-05-19 07:52:37 +02:00
El RIDO
6f480bf014 Merge branch 'master' into webcrypto, implementing base58, fixes #377 2019-05-15 21:20:54 +02:00
El RIDO
5779d87788 integrating compression test case that failed in rawdeflate in webcrypto + zlib testing, proving this fixes #328 2019-05-15 18:56:42 +02:00
El RIDO
e77eb1de13 Merge branch 'truncation' into webcrypto 2019-05-15 18:44:26 +02:00
El RIDO
09162a3c57 fix display of v2 pastes in JS, fixing parsing of comments in PHP, avoid exposing expiration date (we provide time_to_live, would allow calculation of creation date of paste) 2019-05-15 07:44:03 +02:00
El RIDO
5652a43d1d adding js test to generate v2 example pastes to be used in the development of the server side logic, adding one of these into the helper class of the php tests 2019-04-16 07:45:04 +02:00
El RIDO
e418b083e8 Merge branch 'master' into webcrypto 2019-01-22 20:11:42 +01:00
El RIDO
79a858f176 extracting only the 16 hex characters of the query string as paste ID, addressing #396 2019-01-20 12:20:37 +01:00
El RIDO
cc53d95ed1 extending test cases to reproduce the issue from #396, causing the existing logic to now fail the tests 2019-01-20 11:05:34 +01:00
El RIDO
0ee86f33da key in version 2 is raw value instead of base64 (which reduces its complexity), made PasteDecryptor support both versions of the format, refactoring method names, replacing var by let / const, reducing zlib compression level from 9 to 7 to halve the time spent on compression 2018-12-29 18:40:59 +01:00
El RIDO
0ad5b3e900 implement zlib via web assembly, replacing rawdeflate library 2018-12-27 21:32:13 +01:00