Potentiel security bug corrected

Bug reproduction: 1) paste texte containing html/javascript. 2) send 3) clic "Raw text" 4) refresh: The html/javascript is interpreted instead of just displayed. Under some versions of Chrome, it happens without refreshing. This bug was corrected. (cherry picked from commit 4f8750bbddcb137213529875e45e3ace3be9a769)
10 years ago · daf5522b1e
parent e7feca0e53
commit daf5522b1e
1 changed files with 3 additions and 4 deletions
--- a/js/zerobin.js
+++ b/js/zerobin.js
@ -439,10 +439,9 @@ function stateExistingPaste() {
  */
 function rawText()
 {
-    history.pushState(document.title, document.title, 'document.txt');
-    var paste = $('div#cleartext').text();
-    var newDoc = document.open('text/plain', 'replace');
-    newDoc.write(paste);
+    var paste = $('div#cleartext').html();
+    var newDoc = document.open('text/html', 'replace');
+    newDoc.write('<pre>'+paste+'</pre>');
    newDoc.close();
 }