diff --git a/js/privatebin.js b/js/privatebin.js
index 3ce7fe9..9443438 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -415,7 +415,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
 /**
 * convert all applicable characters to HTML entities
 *
- * @see {@link https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content}
+ * @see {@link https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html}
 * @name Helper.htmlEntities
 * @function
 * @param {string} str
@@ -425,7 +425,8 @@ jQuery.PrivateBin = (function($, RawDeflate) {
 return String(str).replace(
 /[&<>"'`=\/]/g,
 function(s) {
 return entityMap[s];
- });
+ }
+ );
 }
 /**
@@ -478,28 +479,6 @@ jQuery.PrivateBin = (function($, RawDeflate) {
 return expirationDate;
 };
- /**
- * encode all applicable characters to HTML entities
- *
- * @see {@link https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html}
- *
- * @name Helper.htmlEntities
- * @function
- * @param string str
- * @return string escaped HTML
- */
- me.htmlEntities = function(str) {
- return str.replace(
- /["'\/]/g,
- function(s) {
- return {
- '"': '"',
- "'": ''',
- '/': '/'
- }[s];
- });
- };
-
 return me;
 })();
diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php
index 92becfc..26c3d8e 100644
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@@ -72,7 +72,7 @@ endif; ?>
-
+
diff --git a/tpl/page.php b/tpl/page.php
index 1a799c5..0d0f407 100644
--- a/tpl/page.php
+++ b/tpl/page.php
@@ -50,7 +50,7 @@ endif; ?>
-
+