reverting escaping just for Markdown formatting, as discussed in #269
This commit is contained in:
parent
a95701bba8
commit
5e070db6a1
4 changed files with 9 additions and 8 deletions
|
@ -1700,8 +1700,11 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// set sanitized and linked text
|
// escape HTML entities, link URLs, sanitize
|
||||||
var sanitizedLinkedText = DOMPurify.sanitize(Helper.urls2links(text));
|
var escapedLinkedText = Helper.urls2links(
|
||||||
|
$('<div />').text(text).html()
|
||||||
|
),
|
||||||
|
sanitizedLinkedText = DOMPurify.sanitize(escapedLinkedText);
|
||||||
$plainText.html(sanitizedLinkedText);
|
$plainText.html(sanitizedLinkedText);
|
||||||
$prettyPrint.html(sanitizedLinkedText);
|
$prettyPrint.html(sanitizedLinkedText);
|
||||||
|
|
||||||
|
@ -1728,7 +1731,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
||||||
|
|
||||||
$prettyPrint.html(
|
$prettyPrint.html(
|
||||||
DOMPurify.sanitize(
|
DOMPurify.sanitize(
|
||||||
prettyPrintOne(Helper.urls2links(text), null, true)
|
prettyPrintOne(escapedLinkedText, null, true)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
// fall through, as the rest is the same
|
// fall through, as the rest is the same
|
||||||
|
@ -1824,8 +1827,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
|
||||||
*/
|
*/
|
||||||
me.setText = function(newText)
|
me.setText = function(newText)
|
||||||
{
|
{
|
||||||
// escape HTML entities
|
|
||||||
newText = $('<div />').text(newText).html();
|
|
||||||
if (text !== newText) {
|
if (text !== newText) {
|
||||||
text = newText;
|
text = newText;
|
||||||
isChanged = true;
|
isChanged = true;
|
||||||
|
|
|
@ -48,7 +48,7 @@ describe('PasteViewer', function () {
|
||||||
results.push(
|
results.push(
|
||||||
$('#placeholder').hasClass('hidden') &&
|
$('#placeholder').hasClass('hidden') &&
|
||||||
!$.PrivateBin.PasteViewer.isPrettyPrinted() &&
|
!$.PrivateBin.PasteViewer.isPrettyPrinted() &&
|
||||||
$.PrivateBin.PasteViewer.getText() == $('<div />').text(text).html()
|
$.PrivateBin.PasteViewer.getText() == text
|
||||||
);
|
);
|
||||||
if (format == 'markdown') {
|
if (format == 'markdown') {
|
||||||
results.push(
|
results.push(
|
||||||
|
|
|
@ -75,7 +75,7 @@ if ($MARKDOWN):
|
||||||
<?php
|
<?php
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-1BoGv9oPfrxI6QUHqWeW6bcbK2ix8Tya2dKrHupQk3vI1XgKcSmAJWchzQghRYhG9WFlTBW6jPJBDb9lTj+gSw==" crossorigin="anonymous"></script>
|
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-hZ/15ddyjvqcUrVu7ItQWW+A+281IAX3gegeA0/Ms4ExYS8GB9yJ2ODQv/zWD6gC/eGAVLng6+nPed5mrlTK/w==" crossorigin="anonymous"></script>
|
||||||
<!--[if lt IE 10]>
|
<!--[if lt IE 10]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
|
|
|
@ -54,7 +54,7 @@ if ($QRCODE):
|
||||||
<?php
|
<?php
|
||||||
endif;
|
endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-1BoGv9oPfrxI6QUHqWeW6bcbK2ix8Tya2dKrHupQk3vI1XgKcSmAJWchzQghRYhG9WFlTBW6jPJBDb9lTj+gSw==" crossorigin="anonymous"></script>
|
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-hZ/15ddyjvqcUrVu7ItQWW+A+281IAX3gegeA0/Ms4ExYS8GB9yJ2ODQv/zWD6gC/eGAVLng6+nPed5mrlTK/w==" crossorigin="anonymous"></script>
|
||||||
<!--[if lt IE 10]>
|
<!--[if lt IE 10]>
|
||||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
|
||||||
<![endif]-->
|
<![endif]-->
|
||||||
|
|
Loading…
Reference in a new issue