|
|
@ -1701,7 +1701,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// set sanitized and linked text
|
|
|
|
// set sanitized and linked text
|
|
|
|
var sanitizedLinkedText = DOMPurify.sanitize(Helper.urls2links(text), {SAFE_FOR_JQUERY: true});
|
|
|
|
var sanitizedLinkedText = DOMPurify.sanitize(Helper.urls2links(text));
|
|
|
|
$plainText.html(sanitizedLinkedText);
|
|
|
|
$plainText.html(sanitizedLinkedText);
|
|
|
|
$prettyPrint.html(sanitizedLinkedText);
|
|
|
|
$prettyPrint.html(sanitizedLinkedText);
|
|
|
|
|
|
|
|
|
|
|
@ -1714,7 +1714,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|
|
|
});
|
|
|
|
});
|
|
|
|
// let showdown convert the HTML and sanitize HTML *afterwards*!
|
|
|
|
// let showdown convert the HTML and sanitize HTML *afterwards*!
|
|
|
|
$plainText.html(
|
|
|
|
$plainText.html(
|
|
|
|
DOMPurify.sanitize(converter.makeHtml(text), {SAFE_FOR_JQUERY: true})
|
|
|
|
DOMPurify.sanitize(converter.makeHtml(text))
|
|
|
|
);
|
|
|
|
);
|
|
|
|
// add table classes from bootstrap css
|
|
|
|
// add table classes from bootstrap css
|
|
|
|
$plainText.find('table').addClass('table-condensed table-bordered');
|
|
|
|
$plainText.find('table').addClass('table-condensed table-bordered');
|
|
|
@ -1728,8 +1728,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|
|
|
|
|
|
|
|
|
|
|
$prettyPrint.html(
|
|
|
|
$prettyPrint.html(
|
|
|
|
DOMPurify.sanitize(
|
|
|
|
DOMPurify.sanitize(
|
|
|
|
prettyPrintOne(Helper.urls2links(text), null, true),
|
|
|
|
prettyPrintOne(Helper.urls2links(text), null, true)
|
|
|
|
{SAFE_FOR_JQUERY: true}
|
|
|
|
|
|
|
|
)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
);
|
|
|
|
// fall through, as the rest is the same
|
|
|
|
// fall through, as the rest is the same
|
|
|
@ -1825,6 +1824,8 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
me.setText = function(newText)
|
|
|
|
me.setText = function(newText)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
|
|
|
|
// escape HTML entities
|
|
|
|
|
|
|
|
newText = $('<div />').text(newText).html();
|
|
|
|
if (text !== newText) {
|
|
|
|
if (text !== newText) {
|
|
|
|
text = newText;
|
|
|
|
text = newText;
|
|
|
|
isChanged = true;
|
|
|
|
isChanged = true;
|
|
|
@ -2224,8 +2225,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|
|
|
// set & parse text
|
|
|
|
// set & parse text
|
|
|
|
$commentEntryData.html(
|
|
|
|
$commentEntryData.html(
|
|
|
|
DOMPurify.sanitize(
|
|
|
|
DOMPurify.sanitize(
|
|
|
|
Helper.urls2links(commentText),
|
|
|
|
Helper.urls2links(commentText)
|
|
|
|
{SAFE_FOR_JQUERY: true}
|
|
|
|
|
|
|
|
)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
@ -2531,7 +2531,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|
|
|
for (var i = 0; i < $head.length; i++) {
|
|
|
|
for (var i = 0; i < $head.length; i++) {
|
|
|
|
newDoc.write($head[i].outerHTML);
|
|
|
|
newDoc.write($head[i].outerHTML);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
newDoc.write('</head><body><pre>' + DOMPurify.sanitize(paste, {SAFE_FOR_JQUERY: true}) + '</pre></body></html>');
|
|
|
|
newDoc.write('</head><body><pre>' + DOMPurify.sanitize(paste) + '</pre></body></html>');
|
|
|
|
newDoc.close();
|
|
|
|
newDoc.close();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -3961,10 +3961,11 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
|
|
|
// first load translations
|
|
|
|
// first load translations
|
|
|
|
I18n.loadTranslations();
|
|
|
|
I18n.loadTranslations();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DOMPurify.setConfig({SAFE_FOR_JQUERY: true});
|
|
|
|
|
|
|
|
|
|
|
|
// initialize other modules/"classes"
|
|
|
|
// initialize other modules/"classes"
|
|
|
|
Alert.init();
|
|
|
|
Alert.init();
|
|
|
|
Model.init();
|
|
|
|
Model.init();
|
|
|
|
|
|
|
|
|
|
|
|
AttachmentViewer.init();
|
|
|
|
AttachmentViewer.init();
|
|
|
|
DiscussionViewer.init();
|
|
|
|
DiscussionViewer.init();
|
|
|
|
Editor.init();
|
|
|
|
Editor.init();
|
|
|
|