El RIDO
|
11375a4f59
|
moved referrer policy from CSP & meta to proper HTTP header to avoid browser console error message about unknown CSP header and to ensure it always applies before HTML is parsed, fixes #196
|
2019-06-27 20:31:10 +02:00 |
El RIDO
|
67b9b5f0d8
|
correcting old browser detection logic, fixes #446
|
2019-06-27 20:11:22 +02:00 |
El RIDO
|
ddb1c550f5
|
remove alerts when missing showdown & prettify libraries, if the are missing it is intentionally done in the configuration, fixes #237
|
2019-06-23 19:55:25 +02:00 |
El RIDO
|
c2e060d464
|
made compression configurable, fixes #38
|
2019-06-23 19:45:40 +02:00 |
El RIDO
|
47944ba3b1
|
updating DOMpurify to 1.0.11, fixes #442
|
2019-06-23 12:15:36 +02:00 |
El RIDO
|
8dc9db90c9
|
added translation for Czech, provided by @info-path, fixes #424
|
2019-06-23 12:06:36 +02:00 |
El RIDO
|
40493dfb3a
|
simplify logic, adding test cases for all combinations of URLs that are regarded as secure context
|
2019-06-23 10:38:08 +02:00 |
El RIDO
|
61fde53de0
|
adding IPv6 localhost to exceptions
|
2019-06-23 09:56:18 +02:00 |
El RIDO
|
dc193f7555
|
Revert "removing exceptions - in these cases server admins can opt to disable the warning message in the configuration"
This reverts commit d0365faf76 .
|
2019-06-23 09:54:48 +02:00 |
El RIDO
|
d9f27fb004
|
avoid instability of tests due to Alert callback testing, which can prevent notifications from getting displayed
|
2019-06-23 09:39:21 +02:00 |
El RIDO
|
603f7fd911
|
adding tests for all cases
|
2019-06-22 15:44:54 +02:00 |
El RIDO
|
d0365faf76
|
removing exceptions - in these cases server admins can opt to disable the warning message in the configuration
|
2019-06-22 08:39:46 +02:00 |
El RIDO
|
57bd65225d
|
added new translation strings, moved URLs out of translations as they are static and it makes translation more compact
|
2019-06-22 07:52:18 +02:00 |
rugk
|
e5974d4663
|
Prefer isSecureContext if available
|
2019-06-21 19:48:16 +02:00 |
rugk
|
a1b1efeae2
|
Adjust messages
|
2019-06-21 19:03:45 +02:00 |
El RIDO
|
50cc6995e0
|
making use of the URL object in the existing tests
|
2019-06-20 22:30:49 +02:00 |
El RIDO
|
77419ec2c1
|
Merge branch 'master' into httpinsecure
|
2019-06-20 21:01:00 +02:00 |
El RIDO
|
b1be74a56f
|
support processing of Error types in notifications, adresses #441
|
2019-06-18 19:45:52 +02:00 |
El RIDO
|
42c2003220
|
made notice configurable, fixing a few CSS glitches
|
2019-06-17 21:40:37 +02:00 |
El RIDO
|
a67c9ab129
|
reworded the message, added the missing translation strings
|
2019-06-17 21:18:30 +02:00 |
El RIDO
|
fc914b4b84
|
moved bad bot check into InitialCheck, changed old ie notice into generic update warning, when unsupported user agent is detected and made the other IE alert show in all versions as it is now entirely unsupported
|
2019-06-17 21:09:21 +02:00 |
El RIDO
|
8515c9d223
|
upgrading DOMpurify library
|
2019-06-16 10:23:14 +02:00 |
El RIDO
|
8a69411d50
|
upgrading showdown library
|
2019-06-16 10:19:44 +02:00 |
El RIDO
|
49e118a8b3
|
updated kjua library
|
2019-06-16 10:13:53 +02:00 |
El RIDO
|
b527bc6208
|
upgrade jQuery library
|
2019-06-16 09:30:59 +02:00 |
El RIDO
|
b4ceb4078d
|
removed obsolete code and comments, tested with a PDF of 9 MiB and it works fine in Firefox and Chrome
|
2019-06-15 09:47:55 +02:00 |
El RIDO
|
451a4817c4
|
replace data-URL method usage with blob-URL one
|
2019-06-15 09:35:26 +02:00 |
El RIDO
|
a459c4692c
|
correcting API use, avoid history glitch
|
2019-06-01 23:49:40 +02:00 |
El RIDO
|
ebbb850b27
|
clone array instead of passing the reference, adresses #436
|
2019-05-31 07:05:40 +02:00 |
El RIDO
|
c4b84b2b6b
|
extract version logic into paste & comment classes
|
2019-05-25 13:20:39 +02:00 |
El RIDO
|
d73c68ad85
|
insert Paste class to wrap the data, to be able to extend the paste with getters and format version handling
|
2019-05-25 10:10:59 +02:00 |
El RIDO
|
b44e729a1a
|
fixing display of version 1 pastes without attachments
|
2019-05-19 13:31:17 +02:00 |
El RIDO
|
353d08daf6
|
handle regression due to base58 stripping NULL bytes, discovered via JSVerify RNG state 0dec6b2a5f04d19873
|
2019-05-19 09:54:40 +02:00 |
El RIDO
|
3b0ab7e99f
|
fixing regression handling v1 key format (un-decoded base64)
|
2019-05-19 08:36:18 +02:00 |
El RIDO
|
6f480bf014
|
Merge branch 'master' into webcrypto, implementing base58, fixes #377
|
2019-05-15 21:20:54 +02:00 |
El RIDO
|
09162a3c57
|
fix display of v2 pastes in JS, fixing parsing of comments in PHP, avoid exposing expiration date (we provide time_to_live, would allow calculation of creation date of paste)
|
2019-05-15 07:44:03 +02:00 |
El RIDO
|
cc1c55129f
|
switching to full JSON API without POST array use, ensure all JSON operations are done with error detection
|
2019-05-13 22:31:52 +02:00 |
El RIDO
|
50af37507f
|
fixing v2 TTL
|
2019-05-11 10:46:30 +02:00 |
El RIDO
|
788ea67b49
|
fixing server interaction in JS, simple pastes now work
|
2019-05-11 10:39:42 +02:00 |
El RIDO
|
0f42bd818f
|
quiescing JS unit tests
|
2019-05-10 21:01:34 +02:00 |
El RIDO
|
54d21a7803
|
making base-x compatible with node & browser
|
2019-05-08 19:00:22 +02:00 |
Harald Leithner
|
4aab3c0061
|
Encode key as base58
|
2019-05-08 15:25:42 +02:00 |
El RIDO
|
5652a43d1d
|
adding js test to generate v2 example pastes to be used in the development of the server side logic, adding one of these into the helper class of the php tests
|
2019-04-16 07:45:04 +02:00 |
El RIDO
|
e418b083e8
|
Merge branch 'master' into webcrypto
|
2019-01-22 20:11:42 +01:00 |
rugk
|
c2a46b7af7
|
Make JS function more robust
|
2019-01-22 00:07:28 +01:00 |
El RIDO
|
79a858f176
|
extracting only the 16 hex characters of the query string as paste ID, addressing #396
|
2019-01-20 12:20:37 +01:00 |
El RIDO
|
0ee86f33da
|
key in version 2 is raw value instead of base64 (which reduces its complexity), made PasteDecryptor support both versions of the format, refactoring method names, replacing var by let / const, reducing zlib compression level from 9 to 7 to half the time spent on compression
|
2018-12-29 18:40:59 +01:00 |
El RIDO
|
be69e4a50f
|
simplify password catenation in version 2, to avoid potential key derivation weakening
|
2018-12-28 05:49:34 +01:00 |
El RIDO
|
0ad5b3e900
|
implement zlib via web assembly, replacing rawdeflate library
|
2018-12-27 21:32:13 +01:00 |
El RIDO
|
5ce3aa2817
|
increase PBKDF2 iterations further, as suggested in #350
|
2018-12-25 20:19:57 +01:00 |
El RIDO
|
0ab06e34ec
|
initial refactoring for support of version 2 paste format, some cleanup on the side
|
2018-12-25 17:34:39 +01:00 |
El RIDO
|
e64eaf45ee
|
Merge branch 'master' into webcrypto
|
2018-12-17 21:34:15 +01:00 |
rugk
|
ac9eac5ed6
|
Ask google not to translate the page
We already have i18n. Furthermore, Google may analyse sensitive content for
the purpose of recognising whether the page needs to be translated, see
https://support.google.com/webmasters/answer/79812?hl=en
Ref https://github.com/threema-ch/threema-web/pull/681
|
2018-11-21 23:32:06 +01:00 |
El RIDO
|
5b00f4ead7
|
further code deduplication
|
2018-10-20 23:08:13 +02:00 |
El RIDO
|
4c3fb3fe63
|
reduce code duplication
|
2018-10-20 22:34:36 +02:00 |
El RIDO
|
717e5b0e57
|
addressing issues found by codacy
|
2018-10-20 22:05:35 +02:00 |
El RIDO
|
0f76b9066d
|
remove SJCL library
|
2018-10-20 19:53:21 +02:00 |
El RIDO
|
2d7996570e
|
typos, documentation
|
2018-10-20 17:57:21 +02:00 |
El RIDO
|
2929d5c17a
|
fixing async comment nicknames
|
2018-10-20 13:54:17 +02:00 |
El RIDO
|
a08fed1add
|
ensure promises can be collected
|
2018-10-20 12:40:08 +02:00 |
El RIDO
|
35045bb69a
|
improving error handling
|
2018-10-20 11:40:37 +02:00 |
El RIDO
|
100d955e1a
|
address decryptComments() async compatibility
|
2018-10-20 10:20:32 +02:00 |
El RIDO
|
ff8ec5a1a0
|
address decryptOrPromptPassword(), decryptPaste() and decryptAttachment() async compatibility
|
2018-10-20 09:56:05 +02:00 |
El RIDO
|
c0d3b9062b
|
updating SRI hashes
|
2018-10-20 08:40:48 +02:00 |
El RIDO
|
b191e2c437
|
Merge remote-tracking branch 'origin/master' into webcrypto
|
2018-09-02 10:07:57 +02:00 |
El RIDO
|
8b71cb0b2f
|
properly escaping HTML in raw text mode, fixes #358
|
2018-09-02 09:14:36 +02:00 |
El RIDO
|
b97ac08003
|
improving tests, correcting cipher
|
2018-09-01 22:22:10 +02:00 |
El RIDO
|
0dbbb61d11
|
implementing web crypto API for encryption
|
2018-09-01 19:42:22 +02:00 |
El RIDO
|
bd6888687f
|
Merge branch 'master' into webcrypto
|
2018-08-14 06:59:47 +02:00 |
El RIDO
|
8db98becb7
|
upgrading DOMpurify library
|
2018-08-11 19:45:57 +02:00 |
El RIDO
|
b5ebc4a3d7
|
incrementing version
|
2018-08-11 19:29:58 +02:00 |
El RIDO
|
10201dc463
|
expanded unit tests to cover mega links, reverted regex to old one, but fixed to cover mega links, just to prove it works
|
2018-08-11 07:33:33 +02:00 |
El RIDO
|
c468b74b9b
|
Merge branch 'master' into linkregex
|
2018-08-11 06:56:02 +02:00 |
El RIDO
|
c4fc7edc43
|
replacing Base64.js with browser built in's, except for legacy paste support
|
2018-08-05 08:56:03 +02:00 |
El RIDO
|
6f25d651b7
|
switching to client side libraries for key generation, remove legacy browser support
|
2018-08-04 22:30:01 +02:00 |
El RIDO
|
c9a3bb08ee
|
remove dead code
|
2018-08-04 17:49:08 +02:00 |
El RIDO
|
4f332b7719
|
revert legacy browser support, dropped in favour of webcrypto API
|
2018-08-04 17:25:59 +02:00 |
El RIDO
|
0319a16b15
|
support older browsers correctly and ensure the paranoia setting for the sjcl.random.isReady call matches paranoia level 10 instead of the default 6
|
2018-08-04 13:25:31 +02:00 |
El RIDO
|
1be1047a94
|
while we do start the collection of randomness even before initializing our logic, raising the 'paranoia' parameter to 10 ensures that in legacy browsers not yet supporting the webcrypto API we would get an exception, instead of a weak key
|
2018-08-01 21:56:23 +02:00 |
El RIDO
|
e2c04e13e8
|
fixing doc block for jsdoc
|
2018-07-22 10:24:39 +02:00 |
El RIDO
|
3fecd0f2ce
|
correct page template & password prompt/modal, fixes #341, remove JS map reference leading to unnecessary load error
|
2018-07-21 06:44:04 +00:00 |
rugk
|
4f17dde5ee
|
Merge branch 'master' of https://github.com/PrivateBin/PrivateBin
|
2018-07-01 20:23:17 +02:00 |
rugk
|
c1ab1dd8c5
|
Enable auto-linking in Markdown
This get's feature-completition to plain-text auto-linking.
Fixes https://github.com/PrivateBin/PrivateBin/issues/336
|
2018-07-01 20:22:42 +02:00 |
El RIDO
|
17a468a4e5
|
updating prettify library to 453bd5f
|
2018-07-01 19:17:05 +02:00 |
rugk
|
119c3931cc
|
Try new RegEx for creating links
|
2018-07-01 15:13:24 +02:00 |
El RIDO
|
2a3017a3bd
|
making comments on pretty printed pastes work again
|
2018-07-01 12:49:35 +00:00 |
El RIDO
|
bd1e40ac36
|
updating DOMpurify library to 1.0.5
|
2018-07-01 13:36:16 +02:00 |
El RIDO
|
30d9cb45cc
|
updating Showdown library to 1.8.6
|
2018-07-01 13:29:57 +02:00 |
El RIDO
|
91baef389d
|
updating Base64 library to 2.4.5 (keeping old 1.7 library for legacy ZeroBin support)
|
2018-07-01 13:23:39 +02:00 |
El RIDO
|
cfe60db8fd
|
increment version number
|
2018-07-01 13:11:32 +02:00 |
El RIDO
|
c22537c979
|
fix sending anonymous comments
|
2018-07-01 07:18:21 +00:00 |
El RIDO
|
5eebd27e82
|
fixing rngState 858b17ef69dc30a542, upgrade to jQuery 3.3.1 made event queue load callback too late, hence highlight right away and only handle highlight disable in the callback, after scrolling to comment
|
2018-07-01 08:59:55 +02:00 |
El RIDO
|
f92330443e
|
updating jQuery
|
2018-07-01 08:08:21 +02:00 |
El RIDO
|
da11d2e729
|
fixing SRI hash generation, broken by yesterdays Cloudflare fix that changed the script tag format
|
2018-07-01 07:51:05 +02:00 |
El RIDO
|
ded3767803
|
updated SJCL to 1.0.7
no change log was published, the one non-build related commit seems to be about an issue on Android:
6bb1978510
|
2018-07-01 07:29:49 +02:00 |
El RIDO
|
e35342e3a4
|
tell Cloudflare not to mess with our JS, fixes #284
|
2018-06-30 17:55:59 +02:00 |
El RIDO
|
a7029cc564
|
fixes #282
|
2018-06-30 15:59:54 +02:00 |
El RIDO
|
6225a8ef16
|
updating translators in credits
|
2018-06-11 20:29:47 +02:00 |
rugk
|
848efde4a6
|
Regenerate SRI hashes
|
2018-05-31 17:42:21 +02:00 |
El RIDO
|
d6f203dc4c
|
Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state
|
2018-05-27 15:05:31 +02:00 |