A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

cryptocryptographyencryptedone-timepastepastebinphpsecurityself-destroyself-hostedself-hosting

Sebastien SAUVAGE daf5522b1e Potentiel security bug corrected ... Bug reproduction: 1) paste texte containing html/javascript. 2) send 3) clic "Raw text" 4) refresh: The html/javascript is interpreted instead of just displayed. Under some versions of Chrome, it happens without refreshing. This bug was corrected. (cherry picked from commit 4f8750bbddcb137213529875e45e3ace3be9a769)		2015-08-15 22:24:25 +02:00
cfg	fixing regressions from cherrypicking	2015-08-15 21:39:08 +02:00
css	XSS flaw correction	2015-08-15 22:01:43 +02:00
img	Added "Raw text" button.	2015-08-15 20:25:46 +02:00
js	Potentiel security bug corrected	2015-08-15 22:24:25 +02:00
lib	Stronger server salt	2015-08-15 22:18:57 +02:00
tpl	fixing regressions from cherrypicking	2015-08-15 21:39:08 +02:00
tst	reviewed unit tests, fixing line endings, added more tests	2015-08-15 18:32:31 +02:00
.gitignore	Included .htaccess and .htapasswd for safety.	2013-11-01 01:20:59 +01:00
CHANGELOG.md	XSS flaw correction	2015-08-15 22:01:43 +02:00
CREDITS.md	had to revert to HTML5 instead of XHTML5 because of compatibility	2012-08-28 23:28:41 +02:00
index.php	XSS flaw correction	2015-08-15 22:01:43 +02:00
INSTALL.md	had to revert to HTML5 instead of XHTML5 because of compatibility	2012-08-28 23:28:41 +02:00
README.md	XSS flaw correction	2015-08-15 22:01:43 +02:00
robots.txt	Incorrect structure	2013-11-01 01:22:16 +01:00