upgrade DOMpurify to 2.1.1 - obsoleting the SAFE_FOR_JQUERY flag

This commit is contained in:
El RIDO 2020-10-08 19:00:04 +02:00
parent c37052fe82
commit f66c690fc0
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
7 changed files with 9 additions and 10 deletions

View file

@ -2,7 +2,7 @@
* **1.4 (not yet released)**
* ADDED: Translation for Hebrew
* CHANGED: Upgrading libraries to: DOMpurify 2.0.14
* CHANGED: Upgrading libraries to: DOMpurify 2.1.1
* **1.3.4 (2020-03-22)**
* CHANGED: Minimum required PHP version is 5.6, due to a change in the identicon library and to use php's native hash_equals()
* CHANGED: Upgrading libraries to: identicon 2.0.0

View file

@ -19,7 +19,7 @@ require('./prettify');
global.prettyPrint = window.PR.prettyPrint;
global.prettyPrintOne = window.PR.prettyPrintOne;
global.showdown = require('./showdown-1.9.1');
global.DOMPurify = require('./purify-2.0.14');
global.DOMPurify = require('./purify-2.1.1');
global.baseX = require('./base-x-3.0.7').baseX;
global.Legacy = require('./legacy').Legacy;
require('./bootstrap-3.3.7');

View file

@ -5613,8 +5613,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
I18n.loadTranslations();
DOMPurify.setConfig({
ALLOWED_URI_REGEXP: /^(?:(?:(?:f|ht)tps?|mailto|magnet):)/i,
SAFE_FOR_JQUERY: true
ALLOWED_URI_REGEXP: /^(?:(?:(?:f|ht)tps?|mailto|magnet):)/i
});
// Add a hook to make all links open a new window

File diff suppressed because one or more lines are too long

2
js/purify-2.1.1.js Normal file

File diff suppressed because one or more lines are too long

View file

@ -70,9 +70,9 @@ if ($MARKDOWN) :
<?php
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.14.js" integrity="sha512-kbLhjIj/m/AW++o2eErCfqPueoX2btJo7VznhEC2YQRbVR/+Eup3w7thwDZwoCZ/gLrPxTX3W4H2KzupLg2PKA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/purify-2.1.1.js" integrity="sha512-0RqB620aQhcT40T4kxf/vx3J4DOmFsqcGu2mPha21ZqufRsth3MsiU35ffSHX0OIJbE92XSKyvNcL1I6sYhh4w==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-HHR606wkEJVvf3XzEq81itazhXqfj3z54F2Hp2HfBPpUpXjvsI3DAxohlhOR669XLLS/k4v9+QCsQLNWegEA7A==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-9cJdKFvcsrk3G411+Wp5Y6ZvFE6UUMKVzCB6LLXhg1BaN/jkviL01Ox+4HzbYNflFuSYK0USVFLeCW89774A6w==" crossorigin="anonymous"></script>
<!-- icon -->
<link rel="apple-touch-icon" href="<?php echo I18n::encode($BASEPATH); ?>img/apple-touch-icon.png" sizes="180x180" />
<link rel="icon" type="image/png" href="img/favicon-32x32.png" sizes="32x32" />

View file

@ -48,9 +48,9 @@ if ($MARKDOWN):
<?php
endif;
?>
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.14.js" integrity="sha512-kbLhjIj/m/AW++o2eErCfqPueoX2btJo7VznhEC2YQRbVR/+Eup3w7thwDZwoCZ/gLrPxTX3W4H2KzupLg2PKA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/purify-2.1.1.js" integrity="sha512-0RqB620aQhcT40T4kxf/vx3J4DOmFsqcGu2mPha21ZqufRsth3MsiU35ffSHX0OIJbE92XSKyvNcL1I6sYhh4w==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-HHR606wkEJVvf3XzEq81itazhXqfj3z54F2Hp2HfBPpUpXjvsI3DAxohlhOR669XLLS/k4v9+QCsQLNWegEA7A==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-9cJdKFvcsrk3G411+Wp5Y6ZvFE6UUMKVzCB6LLXhg1BaN/jkviL01Ox+4HzbYNflFuSYK0USVFLeCW89774A6w==" crossorigin="anonymous"></script>
<!-- icon -->
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />