Potentiel security bug corrected
Bug reproduction: 1) paste text containing HTML/JavaScript. 2) send. 3) click "Raw text". 4) refresh: the HTML/JavaScript is interpreted instead of just being displayed. Under some versions of Chrome, it happens without refreshing. This bug was corrected. (cherry picked from commit 4f8750bbddcb137213529875e45e3ace3be9a769)
This commit is contained in:
parent
e7feca0e53
commit
daf5522b1e
@ -439,10 +439,9 @@ function stateExistingPaste() {
|
|||
*/
|
||||
function rawText()
|
||||
{
|
||||
history.pushState(document.title, document.title, 'document.txt');
|
||||
var paste = $('div#cleartext').text();
|
||||
var newDoc = document.open('text/plain', 'replace');
|
||||
newDoc.write(paste);
|
||||
var paste = $('div#cleartext').html();
|
||||
var newDoc = document.open('text/html', 'replace');
|
||||
newDoc.write('<pre>'+paste+'</pre>');
|
||||
newDoc.close();
|
||||
}
|
||||
|
||||
|
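Review bot: The new side still builds the raw view by concatenating markup into `newDoc.write('<pre>'+paste+'</pre>')`, and the only thing keeping a pasted `<script>` inert is that jQuery's `.html()` serializes text nodes with `&lt;`, `&gt;` and `&amp;` escaped; any element nodes already present inside `div#cleartext` (how that div is populated is not visible here) are serialized as live markup and become part of the replaced document. The removed lines failed because browsers ignore the `type` argument of `document.open`, so `'text/plain'` never made the written string inert, and the new `'text/html'` argument is equally decorative. A more defensive shape is to write only an empty `<pre>`, close the document, and then assign the paste through `textContent`, which never goes through the HTML parser and so needs no escaping step at all; `rawText` is complete within this hunk, so the change below is the whole body after `history.pushState`. A short comment on the write call would also help the next reader, e.g. `// never concatenate paste content into markup: document.write parses it as HTML`.
```javascript
    history.pushState(document.title, document.title, 'document.txt');
    var paste = $('div#cleartext').text();
    var newDoc = document.open('text/html', 'replace');
    // write an empty container only; the paste is added as text below
    newDoc.write('<pre></pre>');
    newDoc.close();
    // assigned as text, not markup, so nothing in the paste is parsed
    newDoc.getElementsByTagName('pre')[0].textContent = paste;
```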
|