diff --git a/js/privatebin.js b/js/privatebin.js
index d2b8544..9e2b0ee 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -297,10 +297,25 @@ jQuery.PrivateBin = (function($, RawDeflate) {
*/
me.urls2links = function(html)
{
- return html.replace(
- /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]*>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
- '$1'
- );
+ let reverseEntityMap = {};
+ for (let entity of ['&', '"', '/', '=']) {
+ reverseEntityMap[entityMap[entity]] = entity;
+ }
+ const entityRegex = new RegExp(Object.keys(reverseEntityMap).join('|'), 'g');
+
+ // encode HTML entities, find and insert links, partially decoding only the href property of it
+ return me.htmlEntities(html)
+ .replace(
+ /(((https?|ftp)://[\w?!&.-;#@~%+*-]+(?![\w\s?!&.;#~%-]*>))|((magnet):[\w?&.-;#@~%+*-]+))/ig,
+ function(encodedUrl) {
+ let decodedUrl = encodedUrl.replace(
+ entityRegex, function(entity) {
+ return reverseEntityMap[entity];
+ }
+ );
+ return '' + encodedUrl + '';
+ }
+ )
};
/**
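Review bot: The decode list on the `for (let entity of ['&', '"', '/', '='])` line includes the double quote, so `decodedUrl` can contain a literal `"` again after `me.htmlEntities` has encoded it. The URL character class accepts `&`, `#`, `;` and word characters, so an entity-encoded quote can be part of a match. The markup in the `return` statement appears to have been lost in this rendering, but if `decodedUrl` is concatenated into a double-quoted `href`, the attribute can be closed early and the encoding step is undone. The HTML parser already decodes entities inside attribute values, so I would drop the quote from the list, `for (let entity of ['&', '/', '='])`, or set the href with `setAttribute` on a created element instead of concatenating strings. Separately, `reverseEntityMap` and `entityRegex` are rebuilt on every call and could be hoisted next to `entityMap`.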
diff --git a/js/test/Helper.js b/js/test/Helper.js
index dd38e3c..a884eee 100644
--- a/js/test/Helper.js
+++ b/js/test/Helper.js
@@ -81,7 +81,7 @@ describe('Helper', function () {
'ignores non-URL content',
'string',
function (content) {
- return content === $.PrivateBin.Helper.urls2links(content);
+ return $.PrivateBin.Helper.htmlEntities(content) === $.PrivateBin.Helper.urls2links(content);
}
);
jsc.property(
@@ -95,8 +95,7 @@ describe('Helper', function () {
function (prefix, schema, address, query, fragment, postfix) {
query = query.join('');
fragment = fragment.join('');
- prefix = $.PrivateBin.Helper.htmlEntities(prefix);
- postfix = ' ' + $.PrivateBin.Helper.htmlEntities(postfix);
+ postfix = ' ' + postfix;
let url = schema + '://' + address.join('') + '/?' + query + '#' + fragment;
// special cases: When the query string and fragment imply the beginning of an HTML entity, eg. or
@@ -109,7 +108,7 @@ describe('Helper', function () {
postfix = '';
}
- return prefix + '' + url + '' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + postfix);
+ return $.PrivateBin.Helper.htmlEntities(prefix) + '' + $.PrivateBin.Helper.htmlEntities(url) + '' + $.PrivateBin.Helper.htmlEntities(postfix) === $.PrivateBin.Helper.urls2links(prefix + url + postfix);
}
);
jsc.property(
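Review bot: The expected value on the changed `return` line is assembled by string concatenation from the same `htmlEntities` helper that `urls2links` now calls, so the property mirrors the implementation rather than checking the parsed result. A fixed regression case would pin the security property directly: pass a URL immediately followed by `"` and `<` characters, parse the output into a detached element, and assert that it holds exactly one anchor with no attributes beyond those the helper intends to emit. The generators (`common.jscQueryString()` and the others) are defined outside this diff, so whether they ever produce a double quote cannot be confirmed from here. The property callback itself starts outside this hunk.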
@@ -118,10 +117,8 @@ describe('Helper', function () {
jsc.array(common.jscQueryString()),
'string',
function (prefix, query, postfix) {
- prefix = $.PrivateBin.Helper.htmlEntities(prefix);
- postfix = $.PrivateBin.Helper.htmlEntities(postfix);
let url = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,'');
- return prefix + '' + url + ' ' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + ' ' + postfix);
+ return $.PrivateBin.Helper.htmlEntities(prefix) + '' + $.PrivateBin.Helper.htmlEntities(url) + ' ' + $.PrivateBin.Helper.htmlEntities(postfix) === $.PrivateBin.Helper.urls2links(prefix + url + ' ' + postfix);
}
);
});
diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php
index 843dc6a..ba47c27 100644
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@@ -72,7 +72,7 @@ endif;
?>
-
+
diff --git a/tpl/page.php b/tpl/page.php
index c976ce2..9d66a86 100644
--- a/tpl/page.php
+++ b/tpl/page.php
@@ -50,7 +50,7 @@ endif;
?>
-
+