chalec
/
ctrlv-privatebin
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

addressing false positive jsverify rngState 85f362db8950cea741

This commit is contained in:
El RIDO 2020-02-05 19:06:45 +01:00
parent aa377038a0
commit 12c83a13c7
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
js/test/AttachmentViewer.js
View File

@ -88,7 +88,12 @@ describe('AttachmentViewer', function () {
if (prefix.indexOf('<a') === -1 && postfix.indexOf('<a') === -1) { if (prefix.indexOf('<a') === -1 && postfix.indexOf('<a') === -1) {
result = $('<textarea>').text((prefix + filename + postfix)).text(); result = $('<textarea>').text((prefix + filename + postfix)).text();
} else { } else {
result = prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix; result = DOMPurify.sanitize(
prefix + $.PrivateBin.Helper.htmlEntities(filename) + postfix, {
ALLOWED_TAGS: ['a', 'i', 'span'],
ALLOWED_ATTR: ['href', 'id']
}
);
} }
if (filename.length) { if (filename.length) {
results.push( results.push(