f391773c65
generalize date string handling, replacing hardcoded lookups, fixes #586
2020-03-01 08:54:48 +01:00
adece1d784
incrementing version
2020-02-16 11:15:51 +01:00
12c83a13c7
addressing false positive jsverify rngState 85f362db8950cea741
2020-02-05 19:06:45 +01:00
bab95cce1b
addressing false positive jsverify rngState 8bf7605ea139db4c28
2020-02-04 18:58:24 +01:00
00438ec1ab
upgrade DOMpurify to 2.0.8
2020-02-04 18:43:35 +01:00
2cbb8bf3ca
in translation, allow links to be inserted unencoded into href attribute, simplfy sanitation by allowing only <a> tags in DOMpurify for plain text and comments and avoid DOMpurify removing magnet links, fixes #579
2020-02-02 07:08:38 +01:00
3996f82404
relax encoding of slashes just for plaintext display, so links can be detected
2020-02-01 16:30:41 +01:00
cc0920fc09
add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it
2020-02-01 08:46:59 +01:00
91003d6597
Merge remote-tracking branch 'origin/master' into displayEncoding
2020-02-01 07:52:48 +01:00
9a4018bffe
jsverify rngState 8270695ec83abf412d was a false positive, due to incorrect test logic
2020-02-01 07:40:14 +01:00
8a6415ef5f
fixing jsverify rngStates 0220439df7ec68a15b, 015c81b7afd06e4293 & 041e3d57692b08fc4a
2020-01-31 22:42:42 +01:00
3f8cf1792d
Switch to single quotes.
2020-01-26 18:08:59 +01:00
f6899785a9
Fix ARIA for Editor/preview tabs.
2020-01-25 18:47:18 +01:00
2d11d7b29e
re-applying sprintf simplification and rephrased jsdoc block
2020-01-25 09:16:14 +01:00
29efc14aa7
Revert "implement simplified translation logic, forcing the use of safe application via jQuery element"
...
This reverts commit 62365880b4
2020-01-25 09:07:29 +01:00
62365880b4
implement simplified translation logic, forcing the use of safe application via jQuery element
2020-01-25 09:07:06 +01:00
aa3f1206b2
rewriting translations to pass jQuery element where easily possible
2020-01-25 08:13:36 +01:00
42130e0468
prevent potentially non-encoded string from getting returned
2020-01-18 10:53:58 +01:00
685c354d0e
several changes:
...
- added tests for all 4 cases: output to string or into element vs first param contains link or not
- cleaned up logic - skip HTML entity encoding only if we can ensure insertion to text node / when output to string, we always encode
- DOMpurify sanitizes gopher, ws & wss links, which we previosly had tested for
2020-01-18 10:44:35 +01:00
fa9d3037ba
fixing logic & indentation
2020-01-18 07:44:32 +01:00
7b87dc3ca9
cleanup revert
2020-01-18 07:36:43 +01:00
0d08edbe55
Revert "getting rid of htmlEntities (except for tests)" a0740ff79f
2020-01-18 07:30:01 +01:00
cec5cb41d7
Partial revert "Do not double-encode HTML in i18n", only revert the removal of required encoding logic - still has to be moved
...
This reverts commit 01414e43ca
2020-01-18 07:20:05 +01:00
76eff6a87a
Revert "[TEST] Try to disallow vulnerable cases" to remove accidentally committed file and statement that breaks the tests
...
This reverts commit ebc2d649c4
2020-01-18 07:12:03 +01:00
fd4492f229
ensuring that both critical branches get tested
2020-01-18 07:09:56 +01:00
eb549d70d1
Invert conatainsLink logic
2020-01-15 17:52:51 +01:00
ebc2d649c4
[TEST] Try to disallow vulnerable cases
2020-01-13 19:56:15 +01:00
01414e43ca
Do not double-encode HTML in i18n
...
This issue got introduced in 4bf7f86https://github.com/PrivateBin/PrivateBin/issues/557
Fixes https://github.com/PrivateBin/PrivateBin/issues/558
Also _inverted_ the logic/variable name for containsNoLinks to
the more logical one "containsLinks" to avoid too many negations.
Also verified that the attachment name is stil properly displayed
when you clone a paste.
2020-01-13 19:17:30 +01:00
599264e167
partially address #556 - now comments can only be added after successfull decryption
2020-01-08 19:48:42 +01:00
ed590ee557
incrementing version
2020-01-08 19:31:06 +01:00
ef8943d838
upgrading base-x library to 3.0.7
2020-01-07 20:11:12 +01:00
2fd649db14
upgrading showdown to released 1.9.1 version
2020-01-07 19:58:05 +01:00
a9bf667f8e
address error, displayed when paste has attachment, but configuration has them disabled
2020-01-04 13:33:03 +01:00
4bf7f863dc
more general solution addressing #554 , kudos @rugk for the suggestions
2020-01-04 13:14:53 +01:00
8d0ac336d2
addressing jsverifyRngState 8b8f0d4ec2a67139b5, fixes HTML injection via filename, closes #554
2019-12-25 09:14:32 +01:00
853fd906cb
Fix unnecessary closure capture
2019-11-21 17:43:10 -05:00
af8d963fd2
updating DOMpurify library, fixes #523
2019-11-02 17:31:45 +01:00
8cf0c86ebb
simplify case statement, update documentation
2019-11-02 17:18:22 +01:00
b23fd48d49
Merge branch 'master' of https://github.com/AndriiZ/PrivateBin into AndriiZ-master
2019-11-02 17:11:05 +01:00
e079f6c830
Implement Email button
2019-10-31 15:07:13 -04:00
63fdd2eba3
Fix missing semi colon
2019-10-30 14:04:10 -04:00
56222d6cfb
Bugfix when password is disabled in config no new paste can be
...
created
2019-10-25 13:05:09 -04:00
65b7077756
Added plural rules for ukrainian
2019-10-18 12:31:40 +03:00
71797d1dd4
changes required for jsdoc, adding legacy.js to code coverage
2019-09-22 21:18:19 +02:00
2d4edfe401
incrementing version number in preparation of release
2019-09-22 19:42:04 +02:00
e9eeeacdf0
addressing jsverifyRngState 0f5ea3f961827b0c4d
2019-09-19 20:48:05 +02:00
8da382f7c6
Merge branch 'master' into better-feature-detection
2019-09-19 20:19:35 +02:00
28d70a1b18
upgrading DOMpurify, fixes #520
2019-09-19 20:13:47 +02:00
955317d924
make codacy a bit happier
2019-09-19 19:47:19 +02:00
7c61f59dcd
removing untranslated string for non-human entities, moving insecure notice to template, so it can remains translated
2019-09-19 19:14:48 +02:00
El RIDO