diff --git a/js/privatebin.js b/js/privatebin.js index 708b185..31fa44f 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -290,31 +290,16 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) { */ pageKey: function() { + var key = window.location.hash.substring(1), + i = key.indexOf('&'); + // Some web 2.0 services and redirectors add data AFTER the anchor // (such as &utm_source=...). We will strip any additional data. - - var key = window.location.hash.substring(1), // Get key - i = key.indexOf('='); - - // First, strip everything after the equal sign (=) which signals end of base64 string. - if (i > -1) - { - key = key.substring(0, i + 1); - } - - // If the equal sign was not present, some parameters may remain: - i = key.indexOf('&'); if (i > -1) { key = key.substring(0, i); } - // Then add trailing equal sign if it's missing - if (key.charAt(key.length - 1) !== '=') - { - key += '='; - } - return key; }, diff --git a/js/test.js b/js/test.js index 000362c..a283275 100644 --- a/js/test.js +++ b/js/test.js @@ -6,7 +6,12 @@ var jsc = require('jsverify'), a2zString = ['a','b','c','d','e','f','g','h','i','j','k','l','m', 'n','o','p','q','r','s','t','u','v','w','x','y','z'], alnumString = a2zString.concat(['0','1','2','3','4','5','6','7','8','9']), - queryString = alnumString.concat(['+','%','&','.','*','-','_']); + queryString = alnumString.concat(['+','%','&','.','*','-','_']), + base64String = alnumString.concat(['+','/','=']).concat( + a2zString.map(function(c) { + return c.toUpperCase(); + }) + ); global.$ = global.jQuery = require('./jquery-3.1.1'); global.sjcl = require('./sjcl-1.0.6'); @@ -97,5 +102,43 @@ describe('helper', function () { } ); }); + + describe('pageKey', function () { + jsc.property( + 'returns the fragment of the URL', + jsc.nearray(jsc.elements(a2zString)), + jsc.nearray(jsc.elements(a2zString)), + jsc.array(jsc.elements(queryString)), + jsc.array(jsc.elements(base64String)), + function (schema, address, query, fragment) { + var fragment = fragment.join(''), + clean = jsdom('', { + url: schema.join('') + '://' + address.join('') + + '/?' + query.join('') + '#' + fragment + }), + result = $.PrivateBin.helper.pageKey(); + clean(); + return fragment === result; + } + ); + jsc.property( + 'returns the fragment stripped of trailing query parts', + jsc.nearray(jsc.elements(a2zString)), + jsc.nearray(jsc.elements(a2zString)), + jsc.array(jsc.elements(queryString)), + jsc.array(jsc.elements(base64String)), + jsc.array(jsc.elements(queryString)), + function (schema, address, query, fragment, trail) { + var fragment = fragment.join(''), + clean = jsdom('', { + url: schema.join('') + '://' + address.join('') + '/?' + + query.join('') + '#' + fragment + '&' + trail.join('') + }), + result = $.PrivateBin.helper.pageKey(); + clean(); + return fragment === result; + } + ); + }); });