Merge branch 'sanitizeMarkdown'

This commit is contained in:
El RIDO 2017-11-22 22:45:04 +01:00
commit 9f973edb7d
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
6 changed files with 89 additions and 148 deletions

View file

@ -11,6 +11,7 @@ env:
globals: globals:
sjcl: false sjcl: false
DOMPurify: false
# http://eslint.org/docs/rules/ # http://eslint.org/docs/rules/
rules: rules:

View file

@ -12,6 +12,7 @@
*/ */
/** global: Base64 */ /** global: Base64 */
/** global: DOMPurify */
/** global: FileReader */ /** global: FileReader */
/** global: RawDeflate */ /** global: RawDeflate */
/** global: history */ /** global: history */
@ -42,26 +43,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
var Helper = (function () { var Helper = (function () {
var me = {}; var me = {};
/**
* character to HTML entity lookup table
*
* @see {@link https://github.com/janl/mustache.js/blob/master/mustache.js#L60}
* @name Helper.entityMap
* @private
* @enum {Object}
* @readonly
*/
var entityMap = {
'&': '&',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;',
'/': '&#x2F;',
'`': '&#x60;',
'=': '&#x3D;'
};
/** /**
* cache for script location * cache for script location
* *
@ -133,28 +114,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
} }
} }
/**
* set text of a jQuery element (required for IE),
*
* @name Helper.setElementText
* @function
* @param {jQuery} $element - a jQuery element
* @param {string} text - the text to enter
*/
me.setElementText = function($element, text)
{
// For IE<10: Doesn't support white-space:pre-wrap; so we have to do this...
if ($('#oldienotice').is(':visible')) {
var html = me.htmlEntities(text).replace(/\n/ig, '\r\n<br>');
$element.html('<pre>' + html + '</pre>');
}
// for other (sane) browsers:
else
{
$element.text(text);
}
}
/** /**
* convert URLs to clickable links. * convert URLs to clickable links.
* URLs to handle: * URLs to handle:
@ -166,22 +125,14 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
* *
* @name Helper.urls2links * @name Helper.urls2links
* @function * @function
* @param {Object} $element - a jQuery DOM element * @param {string} html
* @return {string}
*/ */
me.urls2links = function($element) me.urls2links = function(html)
{ {
var markup = '<a href="$1" rel="nofollow">$1</a>'; return html.replace(
$element.html( /(((http|https|ftp):\/\/[\w?=&.\/-;#@~%+*-]+(?![\w\s?&.\/;#~%"=-]*>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
$element.html().replace( '<a href="$1" rel="nofollow">$1</a>'
/((http|https|ftp):\/\/[\w?=&.\/-;#@~%+*-]+(?![\w\s?&.\/;#~%"=-]*>))/ig,
markup
)
);
$element.html(
$element.html().replace(
/((magnet):[\w?=&.\/-;#@~%+*-]+)/ig,
markup
)
); );
} }
@ -268,22 +219,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
return baseUri; return baseUri;
} }
/**
* convert all applicable characters to HTML entities
*
* @see {@link https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content}
* @name Helper.htmlEntities
* @function
* @param {string} str
* @return {string} escaped HTML
*/
me.htmlEntities = function(str) {
return String(str).replace(
/[&<>"'`=\/]/g, function(s) {
return entityMap[s];
});
}
/** /**
* resets state, used for unit testing * resets state, used for unit testing
* *
@ -1764,9 +1699,10 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
return; return;
} }
// set text // set sanitized and linked text
Helper.setElementText($plainText, text); var sanitizedLinkedText = DOMPurify.sanitize(Helper.urls2links(text), {SAFE_FOR_JQUERY: true});
Helper.setElementText($prettyPrint, text); $plainText.html(sanitizedLinkedText);
$prettyPrint.html(sanitizedLinkedText);
switch (format) { switch (format) {
case 'markdown': case 'markdown':
@ -1775,30 +1711,28 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
tables: true, tables: true,
tablesHeaderId: true tablesHeaderId: true
}); });
// let showdown convert the HTML and sanitize HTML *afterwards*!
$plainText.html( $plainText.html(
converter.makeHtml(text) DOMPurify.sanitize(converter.makeHtml(text), {SAFE_FOR_JQUERY: true})
); );
// add table classes from bootstrap css // add table classes from bootstrap css
$plainText.find('table').addClass('table-condensed table-bordered'); $plainText.find('table').addClass('table-condensed table-bordered');
break; break;
case 'syntaxhighlighting': case 'syntaxhighlighting':
// @TODO is this really needed or is "one" enough? // yes, this is really needed to initialize the environment
if (typeof prettyPrint === 'function') if (typeof prettyPrint === 'function')
{ {
prettyPrint(); prettyPrint();
} }
$prettyPrint.html( $prettyPrint.html(
prettyPrintOne( DOMPurify.sanitize(
Helper.htmlEntities(text), null, true prettyPrintOne(Helper.urls2links(text), null, true),
{SAFE_FOR_JQUERY: true}
) )
); );
// fall through, as the rest is the same // fall through, as the rest is the same
default: // = 'plaintext' default: // = 'plaintext'
// convert URLs to clickable links
Helper.urls2links($plainText);
Helper.urls2links($prettyPrint);
$prettyPrint.css('white-space', 'pre-wrap'); $prettyPrint.css('white-space', 'pre-wrap');
$prettyPrint.css('word-break', 'normal'); $prettyPrint.css('word-break', 'normal');
$prettyPrint.removeClass('prettyprint'); $prettyPrint.removeClass('prettyprint');
@ -2287,8 +2221,12 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
var $commentEntryData = $commentEntry.find('div.commentdata'); var $commentEntryData = $commentEntry.find('div.commentdata');
// set & parse text // set & parse text
Helper.setElementText($commentEntryData, commentText); $commentEntryData.html(
Helper.urls2links($commentEntryData); DOMPurify.sanitize(
Helper.urls2links(commentText),
{SAFE_FOR_JQUERY: true}
)
);
// set nickname // set nickname
if (nickname.length > 0) { if (nickname.length > 0) {
@ -2591,7 +2529,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
for (var i = 0; i < $head.length; i++) { for (var i = 0; i < $head.length; i++) {
newDoc.write($head[i].outerHTML); newDoc.write($head[i].outerHTML);
} }
newDoc.write('</head><body><pre>' + Helper.htmlEntities(paste) + '</pre></body></html>'); newDoc.write('</head><body><pre>' + DOMPurify.sanitize(paste, {SAFE_FOR_JQUERY: true}) + '</pre></body></html>');
newDoc.close(); newDoc.close();
} }

2
js/purify.min.js vendored Normal file

File diff suppressed because one or more lines are too long

View file

@ -15,6 +15,22 @@ var jsc = require('jsverify'),
// schemas supported by the whatwg-url library // schemas supported by the whatwg-url library
schemas = ['ftp','gopher','http','https','ws','wss'], schemas = ['ftp','gopher','http','https','ws','wss'],
supportedLanguages = ['de', 'es', 'fr', 'it', 'no', 'pl', 'pt', 'oc', 'ru', 'sl', 'zh'], supportedLanguages = ['de', 'es', 'fr', 'it', 'no', 'pl', 'pt', 'oc', 'ru', 'sl', 'zh'],
/**
* character to HTML entity lookup table
*
* @see {@link https://github.com/janl/mustache.js/blob/master/mustache.js#L60}
*/
entityMap = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;',
'/': '&#x2F;',
'`': '&#x60;',
'=': '&#x3D;'
},
logFile = require('fs').createWriteStream('test.log'); logFile = require('fs').createWriteStream('test.log');
global.$ = global.jQuery = require('./jquery-3.1.1'); global.$ = global.jQuery = require('./jquery-3.1.1');
@ -26,6 +42,7 @@ require('./prettify');
global.prettyPrint = window.PR.prettyPrint; global.prettyPrint = window.PR.prettyPrint;
global.prettyPrintOne = window.PR.prettyPrintOne; global.prettyPrintOne = window.PR.prettyPrintOne;
global.showdown = require('./showdown-1.6.1'); global.showdown = require('./showdown-1.6.1');
global.DOMPurify = require('./purify.min');
require('./bootstrap-3.3.7'); require('./bootstrap-3.3.7');
require('./privatebin'); require('./privatebin');
@ -34,6 +51,22 @@ console.info = console.warn = console.error = function () {
logFile.write(Array.prototype.slice.call(arguments).join('') + '\n'); logFile.write(Array.prototype.slice.call(arguments).join('') + '\n');
} }
/**
* convert all applicable characters to HTML entities
*
* @see {@link https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content}
* @name htmlEntities
* @function
* @param {string} str
* @return {string} escaped HTML
*/
function htmlEntities(str) {
return String(str).replace(
/[&<>"'`=\/]/g, function(s) {
return entityMap[s];
});
}
describe('Helper', function () { describe('Helper', function () {
describe('secondsToHuman', function () { describe('secondsToHuman', function () {
after(function () { after(function () {
@ -92,7 +125,7 @@ describe('Helper', function () {
var html = '', var html = '',
result = true; result = true;
ids.forEach(function(item, i) { ids.forEach(function(item, i) {
html += '<div id="' + item.join('') + '">' + $.PrivateBin.Helper.htmlEntities(contents[i] || contents[0]) + '</div>'; html += '<div id="' + item.join('') + '">' + htmlEntities(contents[i] || contents[0]) + '</div>';
}); });
var clean = jsdom(html); var clean = jsdom(html);
ids.forEach(function(item, i) { ids.forEach(function(item, i) {
@ -107,34 +140,6 @@ describe('Helper', function () {
); );
}); });
describe('setElementText', function () {
after(function () {
cleanup();
});
jsc.property(
'replaces the content of an element',
jsc.nearray(jsc.nearray(jsc.elements(alnumString))),
'nearray string',
'string',
function (ids, contents, replacingContent) {
var html = '',
result = true;
ids.forEach(function(item, i) {
html += '<div id="' + item.join('') + '">' + $.PrivateBin.Helper.htmlEntities(contents[i] || contents[0]) + '</div>';
});
var elements = $('<body />').html(html);
ids.forEach(function(item, i) {
var id = item.join(''),
element = elements.find('#' + id).first();
$.PrivateBin.Helper.setElementText(element, replacingContent);
result *= replacingContent === element.text();
});
return Boolean(result);
}
);
});
describe('urls2links', function () { describe('urls2links', function () {
after(function () { after(function () {
cleanup(); cleanup();
@ -144,10 +149,7 @@ describe('Helper', function () {
'ignores non-URL content', 'ignores non-URL content',
'string', 'string',
function (content) { function (content) {
var element = $('<div>' + content + '</div>'), return content === $.PrivateBin.Helper.urls2links(content);
before = element.html();
$.PrivateBin.Helper.urls2links(element);
return before === element.html();
} }
); );
jsc.property( jsc.property(
@ -162,9 +164,8 @@ describe('Helper', function () {
var query = query.join(''), var query = query.join(''),
fragment = fragment.join(''), fragment = fragment.join(''),
url = schema + '://' + address.join('') + '/?' + query + '#' + fragment, url = schema + '://' + address.join('') + '/?' + query + '#' + fragment,
prefix = $.PrivateBin.Helper.htmlEntities(prefix), prefix = htmlEntities(prefix),
postfix = ' ' + $.PrivateBin.Helper.htmlEntities(postfix), postfix = ' ' + htmlEntities(postfix);
element = $('<div>' + prefix + url + postfix + '</div>');
// special cases: When the query string and fragment imply the beginning of an HTML entity, eg. &#0 or &#x // special cases: When the query string and fragment imply the beginning of an HTML entity, eg. &#0 or &#x
if ( if (
@ -174,11 +175,9 @@ describe('Helper', function () {
{ {
url = schema + '://' + address.join('') + '/?' + query.substring(0, query.length - 1); url = schema + '://' + address.join('') + '/?' + query.substring(0, query.length - 1);
postfix = ''; postfix = '';
element = $('<div>' + prefix + url + '</div>');
} }
$.PrivateBin.Helper.urls2links(element); return prefix + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + postfix);
return element.html() === $('<div>' + prefix + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + postfix + '</div>').html();
} }
); );
jsc.property( jsc.property(
@ -188,11 +187,9 @@ describe('Helper', function () {
'string', 'string',
function (prefix, query, postfix) { function (prefix, query, postfix) {
var url = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,''), var url = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,''),
prefix = $.PrivateBin.Helper.htmlEntities(prefix), prefix = htmlEntities(prefix),
postfix = $.PrivateBin.Helper.htmlEntities(postfix), postfix = htmlEntities(postfix);
element = $('<div>' + prefix + url + ' ' + postfix + '</div>'); return prefix + '<a href="' + url + '" rel="nofollow">' + url + '</a> ' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + ' ' + postfix);
$.PrivateBin.Helper.urls2links(element);
return element.html() === $('<div>' + prefix + '<a href="' + url + '" rel="nofollow">' + url + '</a> ' + postfix + '</div>').html();
} }
); );
}); });
@ -337,7 +334,7 @@ describe('Helper', function () {
'removes all HTML entities from any given string', 'removes all HTML entities from any given string',
'string', 'string',
function (string) { function (string) {
var result = $.PrivateBin.Helper.htmlEntities(string); var result = htmlEntities(string);
return !(/[<>"'`=\/]/.test(result)) && !(string.indexOf('&') > -1 && !(/&amp;/.test(result))); return !(/[<>"'`=\/]/.test(result)) && !(string.indexOf('&') > -1 && !(/&amp;/.test(result)));
} }
); );
@ -582,8 +579,8 @@ describe('Model', function () {
'string', 'string',
'small nat', 'small nat',
function (keys, value, key) { function (keys, value, key) {
keys = keys.map($.PrivateBin.Helper.htmlEntities); keys = keys.map(htmlEntities);
value = $.PrivateBin.Helper.htmlEntities(value); value = htmlEntities(value);
var content = keys.length > key ? keys[key] : (keys.length > 0 ? keys[0] : 'null'), var content = keys.length > key ? keys[key] : (keys.length > 0 ? keys[0] : 'null'),
contents = '<select id="pasteExpiration" name="pasteExpiration">'; contents = '<select id="pasteExpiration" name="pasteExpiration">';
keys.forEach(function(item) { keys.forEach(function(item) {
@ -595,7 +592,7 @@ describe('Model', function () {
}); });
contents += '</select>'; contents += '</select>';
$('body').html(contents); $('body').html(contents);
var result = $.PrivateBin.Helper.htmlEntities( var result = htmlEntities(
$.PrivateBin.Model.getExpirationDefault() $.PrivateBin.Model.getExpirationDefault()
); );
$.PrivateBin.Model.reset(); $.PrivateBin.Model.reset();
@ -616,8 +613,8 @@ describe('Model', function () {
'string', 'string',
'small nat', 'small nat',
function (keys, value, key) { function (keys, value, key) {
keys = keys.map($.PrivateBin.Helper.htmlEntities); keys = keys.map(htmlEntities);
value = $.PrivateBin.Helper.htmlEntities(value); value = htmlEntities(value);
var content = keys.length > key ? keys[key] : (keys.length > 0 ? keys[0] : 'null'), var content = keys.length > key ? keys[key] : (keys.length > 0 ? keys[0] : 'null'),
contents = '<select id="pasteFormatter" name="pasteFormatter">'; contents = '<select id="pasteFormatter" name="pasteFormatter">';
keys.forEach(function(item) { keys.forEach(function(item) {
@ -629,7 +626,7 @@ describe('Model', function () {
}); });
contents += '</select>'; contents += '</select>';
$('body').html(contents); $('body').html(contents);
var result = $.PrivateBin.Helper.htmlEntities( var result = htmlEntities(
$.PrivateBin.Model.getFormatDefault() $.PrivateBin.Model.getFormatDefault()
); );
$.PrivateBin.Model.reset(); $.PrivateBin.Model.reset();
@ -648,7 +645,7 @@ describe('Model', function () {
'checks if the element with id "cipherdata" contains any data', 'checks if the element with id "cipherdata" contains any data',
'asciistring', 'asciistring',
function (value) { function (value) {
value = $.PrivateBin.Helper.htmlEntities(value).trim(); value = htmlEntities(value).trim();
$('body').html('<div id="cipherdata">' + value + '</div>'); $('body').html('<div id="cipherdata">' + value + '</div>');
$.PrivateBin.Model.init(); $.PrivateBin.Model.init();
var result = $.PrivateBin.Model.hasCipherData(); var result = $.PrivateBin.Model.hasCipherData();
@ -668,10 +665,10 @@ describe('Model', function () {
'returns the contents of the element with id "cipherdata"', 'returns the contents of the element with id "cipherdata"',
'asciistring', 'asciistring',
function (value) { function (value) {
value = $.PrivateBin.Helper.htmlEntities(value).trim(); value = htmlEntities(value).trim();
$('body').html('<div id="cipherdata">' + value + '</div>'); $('body').html('<div id="cipherdata">' + value + '</div>');
$.PrivateBin.Model.init(); $.PrivateBin.Model.init();
var result = $.PrivateBin.Helper.htmlEntities( var result = htmlEntities(
$.PrivateBin.Model.getCipherData() $.PrivateBin.Model.getCipherData()
); );
$.PrivateBin.Model.reset(); $.PrivateBin.Model.reset();
@ -1450,8 +1447,6 @@ describe('PasteViewer', function () {
// https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet // https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
jsc.elements([ jsc.elements([
'<PLAINTEXT>', '<PLAINTEXT>',
'\';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";',
'alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--',
'></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>', '></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>',
'\'\';!--"<XSS>=&{()}', '\'\';!--"<XSS>=&{()}',
'<SCRIPT SRC=http://example.com/xss.js></SCRIPT>', '<SCRIPT SRC=http://example.com/xss.js></SCRIPT>',
@ -1464,8 +1459,12 @@ describe('PasteViewer', function () {
'<a onmouseover="alert(document.cookie)">xxs link</a>', '<a onmouseover="alert(document.cookie)">xxs link</a>',
'<a onmouseover=alert(document.cookie)>xxs link</a>', '<a onmouseover=alert(document.cookie)>xxs link</a>',
'<IMG """><SCRIPT>alert("XSS")</SCRIPT>">', '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">',
'<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>' '<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>',
// the list goes on… '<IMG STYLE="xss:expr/*XSS*/ession(alert(\'XSS\'))">',
'<FRAMESET><FRAME SRC="javascript:alert(\'XSS\');"></FRAMESET>',
'<TABLE BACKGROUND="javascript:alert(\'XSS\')">',
'<TABLE><TD BACKGROUND="javascript:alert(\'XSS\')">',
'<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="httx://xss.rocks/xss.js"></SCRIPT>'
]), ]),
'string', 'string',
function (format, prefix, xss, suffix) { function (format, prefix, xss, suffix) {
@ -1481,11 +1480,10 @@ describe('PasteViewer', function () {
$.PrivateBin.PasteViewer.setFormat(format); $.PrivateBin.PasteViewer.setFormat(format);
$.PrivateBin.PasteViewer.setText(text); $.PrivateBin.PasteViewer.setText(text);
$.PrivateBin.PasteViewer.run(); $.PrivateBin.PasteViewer.run();
var result = $('body').html().indexOf(xss) !== -1; var result = $('body').html().indexOf(xss) === -1;
clean(); clean();
return result; return result;
} }
); );
}); });
}); });

View file

@ -66,10 +66,11 @@ endif;
if ($MARKDOWN): if ($MARKDOWN):
?> ?>
<script type="text/javascript" src="js/showdown-1.6.1.js" integrity="sha512-e6kAsBTgFnTBnEQXrq8BV6+XFwxb3kyWHeEPOl+KhxaWt3xImE2zAW2+yP3E2CQ7F9yoJl1poVU9qxkOEtVsTQ==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/showdown-1.6.1.js" integrity="sha512-e6kAsBTgFnTBnEQXrq8BV6+XFwxb3kyWHeEPOl+KhxaWt3xImE2zAW2+yP3E2CQ7F9yoJl1poVU9qxkOEtVsTQ==" crossorigin="anonymous"></script>
<script type="text/javascript" src="js/purify.min.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-jJuy143F5Oy7oS3VkjzeJGBxIUuQ1H0eSjuvLGD3FiQzeu8Pwp5vI/jQ2dxlxSrzejmNMicdLHnIqH7R8Ft0lQ==" crossorigin="anonymous"></script>
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-NWkO7YojpZyTn/xpIjVwo+VBSVKIfxHjE9NC41GzcWgt3w36XNZ+wYZZjXLJh44rBj9qBmZiXvvt9g5iNkadlg==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-EvNAh1GXOoUiGZ/W8iPtzsce06bvVHy6+ajJztmfSgdQcKMPoj0dB8j1FC90MEChl7MOeR4xozvDymH/6HwIlA==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->

View file

@ -44,10 +44,11 @@ endif;
if ($MARKDOWN): if ($MARKDOWN):
?> ?>
<script type="text/javascript" src="js/showdown-1.6.1.js" integrity="sha512-e6kAsBTgFnTBnEQXrq8BV6+XFwxb3kyWHeEPOl+KhxaWt3xImE2zAW2+yP3E2CQ7F9yoJl1poVU9qxkOEtVsTQ==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/showdown-1.6.1.js" integrity="sha512-e6kAsBTgFnTBnEQXrq8BV6+XFwxb3kyWHeEPOl+KhxaWt3xImE2zAW2+yP3E2CQ7F9yoJl1poVU9qxkOEtVsTQ==" crossorigin="anonymous"></script>
<script type="text/javascript" src="js/purify.min.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-jJuy143F5Oy7oS3VkjzeJGBxIUuQ1H0eSjuvLGD3FiQzeu8Pwp5vI/jQ2dxlxSrzejmNMicdLHnIqH7R8Ft0lQ==" crossorigin="anonymous"></script>
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-NWkO7YojpZyTn/xpIjVwo+VBSVKIfxHjE9NC41GzcWgt3w36XNZ+wYZZjXLJh44rBj9qBmZiXvvt9g5iNkadlg==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-EvNAh1GXOoUiGZ/W8iPtzsce06bvVHy6+ajJztmfSgdQcKMPoj0dB8j1FC90MEChl7MOeR4xozvDymH/6HwIlA==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->