From daf5522b1ec164abde735f15cb8874f1027a9466 Mon Sep 17 00:00:00 2001 From: Sebastien SAUVAGE Date: Mon, 20 Jan 2014 21:06:31 +0100 Subject: [PATCH] Potentiel security bug corrected Bug reproduction: 1) paste texte containing html/javascript. 2) send 3) clic "Raw text" 4) refresh: The html/javascript is interpreted instead of just displayed. Under some versions of Chrome, it happens without refreshing. This bug was corrected. (cherry picked from commit 4f8750bbddcb137213529875e45e3ace3be9a769) --- js/zerobin.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/js/zerobin.js b/js/zerobin.js index 4d5f64aa..57bc6fb9 100644 --- a/js/zerobin.js +++ b/js/zerobin.js @@ -439,10 +439,9 @@ function stateExistingPaste() { */ function rawText() { - history.pushState(document.title, document.title, 'document.txt'); - var paste = $('div#cleartext').text(); - var newDoc = document.open('text/plain', 'replace'); - newDoc.write(paste); + var paste = $('div#cleartext').html(); + var newDoc = document.open('text/html', 'replace'); + newDoc.write('
'+paste+'
'); newDoc.close(); }