mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-03-22 13:10:41 +08:00
fixing jsverify rngStates 0220439df7ec68a15b, 015c81b7afd06e4293 & 041e3d57692b08fc4a
This commit is contained in:
parent
2d11d7b29e
commit
8a6415ef5f
|
@ -630,7 +630,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||||
let containsLinks = args[0].indexOf('<a') !== -1;
|
let containsLinks = args[0].indexOf('<a') !== -1;
|
||||||
|
|
||||||
// prevent double encoding, when we insert into a text node
|
// prevent double encoding, when we insert into a text node
|
||||||
if (!containsLinks || $element === null) {
|
if (containsLinks || $element === null) {
|
||||||
for (let i = 0; i < args.length; ++i) {
|
for (let i = 0; i < args.length; ++i) {
|
||||||
// parameters (i > 0) may never contain HTML as they may come from untrusted parties
|
// parameters (i > 0) may never contain HTML as they may come from untrusted parties
|
||||||
if (i > 0 || !containsLinks) {
|
if (i > 0 || !containsLinks) {
|
||||||
|
|
|
@ -86,7 +86,7 @@ describe('AttachmentViewer', function () {
|
||||||
$.PrivateBin.AttachmentViewer.moveAttachmentTo(element, prefix + '%s' + postfix);
|
$.PrivateBin.AttachmentViewer.moveAttachmentTo(element, prefix + '%s' + postfix);
|
||||||
// messageIDs with links get a relaxed treatment
|
// messageIDs with links get a relaxed treatment
|
||||||
if (prefix.indexOf('<a') === -1 && postfix.indexOf('<a') === -1) {
|
if (prefix.indexOf('<a') === -1 && postfix.indexOf('<a') === -1) {
|
||||||
result = $.PrivateBin.Helper.htmlEntities(prefix + filename + postfix);
|
result = $('<textarea>').text((prefix + filename + postfix)).text();
|
||||||
} else {
|
} else {
|
||||||
result = prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix;
|
result = prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix;
|
||||||
}
|
}
|
||||||
|
|
|
@ -89,19 +89,20 @@ describe('I18n', function () {
|
||||||
prefix = prefix.replace(/%(s|d)/g, '%%');
|
prefix = prefix.replace(/%(s|d)/g, '%%');
|
||||||
params[0] = params[0].replace(/%(s|d)/g, '%%').replace(/<a/g, '');
|
params[0] = params[0].replace(/%(s|d)/g, '%%').replace(/<a/g, '');
|
||||||
postfix = postfix.replace(/%(s|d)/g, '%%');
|
postfix = postfix.replace(/%(s|d)/g, '%%');
|
||||||
const translation = $.PrivateBin.Helper.htmlEntities(prefix + params[0] + postfix);
|
const translation = $('<textarea>').text((prefix + params[0] + postfix)).text();
|
||||||
params.unshift(prefix + '%s' + postfix);
|
let args = Array.prototype.slice.call(params);
|
||||||
|
args.unshift(prefix + '%s' + postfix);
|
||||||
let clean = jsdom();
|
let clean = jsdom();
|
||||||
$('body').html('<div id="i18n"></div>');
|
$('body').html('<div id="i18n"></div>');
|
||||||
params.unshift($('#i18n'));
|
args.unshift($('#i18n'));
|
||||||
$.PrivateBin.I18n.translate.apply(this, params);
|
$.PrivateBin.I18n.translate.apply(this, args);
|
||||||
const result = $('#i18n').text();
|
const result = $('#i18n').text();
|
||||||
$.PrivateBin.I18n.reset();
|
$.PrivateBin.I18n.reset();
|
||||||
clean();
|
clean();
|
||||||
clean = jsdom();
|
clean = jsdom();
|
||||||
$('body').html('<div id="i18n"></div>');
|
$('body').html('<div id="i18n"></div>');
|
||||||
params[0] = $('#i18n');
|
args[0] = $('#i18n');
|
||||||
$.PrivateBin.I18n._.apply(this, params);
|
$.PrivateBin.I18n._.apply(this, args);
|
||||||
const alias = $('#i18n').text();
|
const alias = $('#i18n').text();
|
||||||
$.PrivateBin.I18n.reset();
|
$.PrivateBin.I18n.reset();
|
||||||
clean();
|
clean();
|
||||||
|
@ -114,15 +115,15 @@ describe('I18n', function () {
|
||||||
'(small nearray) string',
|
'(small nearray) string',
|
||||||
'string',
|
'string',
|
||||||
function (prefix, params, postfix) {
|
function (prefix, params, postfix) {
|
||||||
prefix = prefix.replace(/%(s|d)/g, '%%');
|
prefix = prefix.replace(/%(s|d)/g, '%%').trim();
|
||||||
params[0] = params[0].replace(/%(s|d)/g, '%%');
|
params[0] = params[0].replace(/%(s|d)/g, '%%').trim();
|
||||||
postfix = postfix.replace(/%(s|d)/g, '%%');
|
postfix = postfix.replace(/%(s|d)/g, '%%').trim();
|
||||||
const translation = $('<div>').html(DOMPurify.sanitize(
|
const translation = DOMPurify.sanitize(
|
||||||
prefix + $.PrivateBin.Helper.htmlEntities(params[0]) + '<a></a>' + postfix, {
|
prefix + $.PrivateBin.Helper.htmlEntities(params[0]) + '<a></a>' + postfix, {
|
||||||
ALLOWED_TAGS: ['a', 'br', 'i', 'span'],
|
ALLOWED_TAGS: ['a', 'br', 'i', 'span'],
|
||||||
ALLOWED_ATTR: ['href', 'id']
|
ALLOWED_ATTR: ['href', 'id']
|
||||||
}
|
}
|
||||||
)).html();
|
);
|
||||||
let args = Array.prototype.slice.call(params);
|
let args = Array.prototype.slice.call(params);
|
||||||
args.unshift(prefix + '%s<a></a>' + postfix);
|
args.unshift(prefix + '%s<a></a>' + postfix);
|
||||||
let clean = jsdom();
|
let clean = jsdom();
|
||||||
|
|
|
@ -72,7 +72,7 @@ endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.7.js" integrity="sha512-XjNEK1xwh7SJ/7FouwV4VZcGW9cMySL3SwNpXgrURLBcXXQYtZdqhGoNdEwx9vwLvFjUGDQVNgpOrTsXlSTiQg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.7.js" integrity="sha512-XjNEK1xwh7SJ/7FouwV4VZcGW9cMySL3SwNpXgrURLBcXXQYtZdqhGoNdEwx9vwLvFjUGDQVNgpOrTsXlSTiQg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-H1yl7DMaZcsr+Lz774u1sD6HanAPJ/jqYaAIUz1HVDwgSpAFfi68Yifrain6gd9Dz0BoxNf9OavTas0RNRIIPA==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-P/peDxl4L6FQXi8bxxrMgkaYaG5S3wfJCQQCJgxIp94SkF/ctP99zY9hXtMHTypcCz8V1+h5HtwI3ZjNsT9Bcw==" crossorigin="anonymous"></script>
|
||||||
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
|
<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
|
||||||
|
|
|
@ -50,7 +50,7 @@ endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.7.js" integrity="sha512-XjNEK1xwh7SJ/7FouwV4VZcGW9cMySL3SwNpXgrURLBcXXQYtZdqhGoNdEwx9vwLvFjUGDQVNgpOrTsXlSTiQg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.7.js" integrity="sha512-XjNEK1xwh7SJ/7FouwV4VZcGW9cMySL3SwNpXgrURLBcXXQYtZdqhGoNdEwx9vwLvFjUGDQVNgpOrTsXlSTiQg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-H1yl7DMaZcsr+Lz774u1sD6HanAPJ/jqYaAIUz1HVDwgSpAFfi68Yifrain6gd9Dz0BoxNf9OavTas0RNRIIPA==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-P/peDxl4L6FQXi8bxxrMgkaYaG5S3wfJCQQCJgxIp94SkF/ctP99zY9hXtMHTypcCz8V1+h5HtwI3ZjNsT9Bcw==" crossorigin="anonymous"></script>
|
||||||
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
|
<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
|
||||||
|
|
Loading…
Reference in New Issue
Block a user