blitzwing/bintzwing
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Sanitize HTML code

Browse source 
using DOMPurify v1.0.2
Fixes https://github.com/PrivateBin/PrivateBin/issues/183
This commit is contained in:
rugk 2017-11-21 21:22:51 +01:00
parent bccb349226
commit b6d7d56774
No known key found for this signature in database
GPG key ID: 05D40A636AFAB34D
4 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
js/privatebin.js
View file

@ -1761,8 +1761,9 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
tables: true,
tablesHeaderId: true
});
// let showdown convert the HTML and sanitize HTML *afterwards*!
$plainText.html(
converter.makeHtml(text)
DOMPurify.sanitize(converter.makeHtml(text), {SAFE_FOR_JQUERY: true})
);
// add table classes from bootstrap css
$plainText.find('table').addClass('table-condensed table-bordered');

2
js/purify.min.js vendored Normal file
View file

File diff suppressed because one or more lines are too long

3
tpl/bootstrap.php
View file

@ -66,10 +66,11 @@ endif;
if ($MARKDOWN):
?>
<script type="text/javascript" src="js/showdown-1.6.1.js" integrity="sha512-e6kAsBTgFnTBnEQXrq8BV6+XFwxb3kyWHeEPOl+KhxaWt3xImE2zAW2+yP3E2CQ7F9yoJl1poVU9qxkOEtVsTQ==" crossorigin="anonymous"></script>
<script type="text/javascript" src="js/purify.min.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-jJuy143F5Oy7oS3VkjzeJGBxIUuQ1H0eSjuvLGD3FiQzeu8Pwp5vI/jQ2dxlxSrzejmNMicdLHnIqH7R8Ft0lQ==" crossorigin="anonymous"></script>
<?php
endif;
?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-gTAGAlxWTLH1PaXA4q9l0kME8wPPWi2iub5uU7HZ3A2bisLtjMIsaZ/Ecu4+sawFvvedAzbh9Y4rR34Ct3oF5Q==" crossorigin="anonymous"></script>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-P54+G2AsXaL2sYUXOc0Pj5I+0CpbpoFTagysFewcV8IvIbsb5XJiTCXcl3lMNECiY6RZTzUFkvzKn4PIE1pEwA==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->

3
tpl/page.php
View file

@ -44,10 +44,11 @@ endif;
if ($MARKDOWN):
?>
<script type="text/javascript" src="js/showdown-1.6.1.js" integrity="sha512-e6kAsBTgFnTBnEQXrq8BV6+XFwxb3kyWHeEPOl+KhxaWt3xImE2zAW2+yP3E2CQ7F9yoJl1poVU9qxkOEtVsTQ==" crossorigin="anonymous"></script>
<script type="text/javascript" src="js/purify.min.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-jJuy143F5Oy7oS3VkjzeJGBxIUuQ1H0eSjuvLGD3FiQzeu8Pwp5vI/jQ2dxlxSrzejmNMicdLHnIqH7R8Ft0lQ==" crossorigin="anonymous"></script>
<?php
endif;
?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-gTAGAlxWTLH1PaXA4q9l0kME8wPPWi2iub5uU7HZ3A2bisLtjMIsaZ/Ecu4+sawFvvedAzbh9Y4rR34Ct3oF5Q==" crossorigin="anonymous"></script>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-P54+G2AsXaL2sYUXOc0Pj5I+0CpbpoFTagysFewcV8IvIbsb5XJiTCXcl3lMNECiY6RZTzUFkvzKn4PIE1pEwA==" crossorigin="anonymous"></script>
<!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]-->