Commit graph

685 commits

Author SHA1 Message Date
El RIDO
843aa00473 Merge branch 'chrono-privacy' 2024-05-05 19:34:22 +02:00
El RIDO
6028a1d801
chore: upgrade jQuery from v3.7.0 to 3.7.1 2024-05-05 11:50:12 +02:00
El RIDO
b00528388f
Merge branch 'master' into chrono-privacy 2024-05-05 10:25:31 +02:00
El RIDO
06fb606aa7
Merge branch 'master' into bootstrap 2024-05-04 16:15:07 +02:00
rugk
61259a2e60 chore: remove source map URL 2024-05-04 13:50:51 +00:00
rugk
7a738d6893
test: also update DOMPurify in tests 2024-05-04 15:38:04 +02:00
El RIDO
0f9158b37b
allow disabling comment date display using discussiondatedisplay configuration option 2024-05-04 14:38:41 +02:00
El RIDO
81fdf8ebfc
re-lax samesite cookie policy
As per discussion in code review:

> Cookies are always scoped in browsers. That's not the issue. SameSite attribute just protects against CSRF attacks. But Get requests (aka links) are also "protected" with Strict, which breaks it… and for users that is highly confusing when they (apparently arbitrarily) do not get the language they have set before when clicking a link.

https://github.com/PrivateBin/PrivateBin/pull/1287#discussion_r1589299210
2024-05-04 12:12:31 +02:00
rugk
4500794980 chore: upgrade DOMPurify from v3.0.8 to 3.1.2
This includes v3.1.1, which says:
> Note that this is a security release and should be upgraded to immediately.

https://github.com/cure53/DOMPurify/releases/tag/3.1.1

The release notes of the actual version itself are https://github.com/cure53/DOMPurify/releases/tag/3.1.2

I did not find more information on the vulnerability that apparently is in there.

* [x] manually tested and works
2024-05-03 15:55:53 +00:00
El RIDO
c66d3f05da
semantics 2024-04-23 22:11:58 +02:00
El RIDO
658383e6d1
set lang cookie with strict SameSite property 2024-04-21 11:36:31 +02:00
El RIDO
545ba7506e
bootstrap 5 - fix password modal display 2024-04-21 11:01:40 +02:00
El RIDO
a7ea62fcd0
bootstrap 5 prettify dark theme support
current status:
- made prettify theme work with dark mode

to be done:
- fix password modal display
- add "Dark Mode" to translation strings
- check tab alignment in HTML source
2024-04-19 14:00:49 +02:00
El RIDO
491ed9a521
bootstrap 5 template function complete
current status:
- got expiration and format selections to work
- fixed modals (password, QR-code, etc.)
- replaced glyphicons with Bootstrap icons (needs CSP relaxation to work)
- tested the different settings and combinations
- got editor tabs to change active status

to be done:
- add "Dark Mode" to translation strings
- figure out how to change prettify theme when dark mode gets selected
- check tab alignment in HTML source
2024-04-18 21:36:43 +02:00
El RIDO
7565be8ed5
initial work on a bootstrap 5 template
current status:
- renders without PHP errors & passes unit tests
- displays pastes
- responsive navbar
- right-to-left support
- auto dark mode with toggle

to be done:
- add "Dark Mode" to translation strings
- get expiration and format selections to work
- fix modals (password, QR-code, etc.)
- replace glyphicons with Bootstrap Icons (no longer included)
- test all the different settings and combinations
- check tab alignment in HTML source
2024-04-01 18:59:28 +02:00
Cadence Ember
d4fdc563ae Update all instances of text in language files 2024-03-22 11:25:17 +13:00
El RIDO
89a5d07b94
shortened paste URL does not appear in email
fixes #606
2024-03-10 17:26:30 +01:00
El RIDO
63b2526ee7
"Send" button now labeled "Create", fixes #946 2024-02-12 21:50:11 +01:00
El RIDO
aad975a721
incrementing version 2024-02-11 15:31:11 +01:00
El RIDO
a3ee624d3a
incrementing version 2024-02-11 14:17:27 +01:00
El RIDO
57b1890815 Merge branch 'master' into ask-before-burn 2024-02-07 19:45:54 +01:00
El RIDO
7bb913acdf
Merge pull request #1236 from PrivateBin/bump-libs
bump libraries to DOMpurify 3.0.8 & zlib 1.3.1, increase compression level
2024-02-07 19:30:25 +01:00
El RIDO
25de89c954
change loading confirm prefix, fix password modal focus, again 2024-02-06 20:22:47 +01:00
El RIDO
950c0b56b4
revert changing compression level
as per discussion with @rugk, see:
https://github.com/PrivateBin/PrivateBin/pull/1236#discussion_r1473639960
2024-02-06 19:21:14 +01:00
El RIDO
239f6da73c
Merge branch 'master' into crowdin-translation 2024-01-27 19:19:08 +01:00
El RIDO
257fc5d2b6
enable Romanian translation and credit it 2024-01-27 19:15:40 +01:00
El RIDO
03d2291ec7
Merge branch 'master' into ask-before-burn 2024-01-27 18:56:52 +01:00
El RIDO
d0e03e5167
change logic into asking for loading confirmation
also:
- fixes #1039 - email buttons overlapping in some languages
- fixes #1191 - language change URL mangling
- adds focus to password input in modal
- prevents needless reload on visiting default URL
2024-01-27 18:26:19 +01:00
El RIDO
0d2376cd88
bump libraries to DOMpurify 3.0.8 & zlib 1.3.1, increase compression level to 9 2024-01-27 11:33:54 +01:00
Tobias Gurtzick
2a508cb7bf
burn after reading only
Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>
2024-01-08 12:38:48 +01:00
Tobias Gurtzick
8516a3f4a4
Merge branch '162' into encrypt-browser 2024-01-08 12:29:06 +01:00
Tobias Gurtzick
2cc2cf0de7
working browser password
Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>
2024-01-08 12:28:41 +01:00
Tobias Gurtzick
e1e8618015
Merge branch 'change' into 162 2024-01-08 11:10:11 +01:00
Tobias Gurtzick
7fddefeb05
password
Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>
2024-01-08 10:36:59 +01:00
El RIDO
4e62e1f6ef address jsverify rngState 87ab3f64de258190c7, fixes #1139 2024-01-08 08:09:29 +01:00
El RIDO
405479642f add YOURLS API samples for extractUrl validation 2024-01-07 17:45:01 +01:00
El RIDO
fd82b937a9 refactor URL generators 2024-01-07 16:06:24 +01:00
El RIDO
d493ba7337 refactor URL generators 2024-01-07 15:47:29 +01:00
El RIDO
37ee3b1c7c refactor URL generators 2024-01-07 14:10:43 +01:00
El RIDO
ba17e94c5e use the newer function, if possible 2024-01-05 06:40:12 +01:00
El RIDO
c3331070cb codestyle, let's use readable variable names
Co-authored-by: rugk <rugk+git@posteo.de>
2024-01-05 06:30:21 +01:00
El RIDO
cc0b6e387a avoid use of bleeding edge function
only supported in Firefox & Chrome >= 120 & node >= 19.9.0 & 18.17.0
2024-01-04 23:23:47 +01:00
El RIDO
a80bd4e4ea fix url filter, IDN URL unit test 2024-01-04 23:08:17 +01:00
El RIDO
7cb1f8ca67 relax URL regex to support finding IDN domains, filter using built in function, removing non-URLs 2024-01-04 06:48:34 +01:00
El RIDO
dc8cb66adc
updating zlib to 1.3 2023-12-19 06:22:30 +01:00
El RIDO
d0420fb418
1.6.2 release 2023-12-15 07:20:20 +01:00
El RIDO
3bd570bd6a
incrementing version 2023-12-04 21:07:17 +01:00
El RIDO
b150450fac
address nodejs unit testing issue
mocha tests started failing as of node 20.10.0, likely due to this change:
https://github.com/nodejs/node/pull/49936

Error was:
node:internal/deps/undici/undici:11730
    Error.captureStackTrace(err, this);
          ^

TypeError: Failed to parse URL from js/zlib-1.2.13.wasm
    at Object.fetch (node:internal/deps/undici/undici:11730:11)
    at async initialize (/home/runner/work/PrivateBin/PrivateBin/js/zlib-1.2.13.js:31:26) {
  [cause]: TypeError: Invalid URL: js/zlib-1.2.13.wasm
      at new URLImpl (/home/runner/work/PrivateBin/PrivateBin/js/node_modules/jsdom-url/node_modules/whatwg-url/lib/URL-impl.js:21:13)
      at new URLImplCore (/home/runner/work/PrivateBin/PrivateBin/js/node_modules/jsdom-url/lib/URLImpl.js:18:9)
      at new URLCore (/home/runner/work/PrivateBin/PrivateBin/js/node_modules/jsdom-url/lib/URL.js:28:9)
      at Object.construct (/home/runner/work/PrivateBin/PrivateBin/js/node_modules/class-proxy/index.js:18:23)
      at new Request (node:internal/deps/undici/undici:5270:25)
      at fetch (node:internal/deps/undici/undici:9508:25)
      at Object.fetch (node:internal/deps/undici/undici:11728:18)
      at fetch (node:internal/process/pre_execution:314:27)
      at initialize (/home/runner/work/PrivateBin/PrivateBin/js/zlib-1.2.13.js:31:32)
      at Object.<anonymous> (/home/runner/work/PrivateBin/PrivateBin/js/zlib-1.2.13.js:145:17)
      at Object.<anonymous> (/home/runner/work/PrivateBin/PrivateBin/js/zlib-1.2.13.js:146:4)
[...]

Notice that the error occurs on line 31, meaning that fetch is not
undefined anymore. Node works on supporting fetch, which would make our
workaround using fs.readFileSync obsolete, but it (or rather the undici
library) currently doesn't support relative URLs.
2023-12-03 14:40:59 +01:00
El RIDO
aa1a44e329
upgrading DOMpurify to 3.0.6 2023-12-03 14:02:30 +01:00
El RIDO
c090f8d27f
fixed comments
so that these functions end up on the correct jsdoc page
2023-12-03 13:41:17 +01:00