Add missing break in switch

Cleanup variables/logic
It only assigns and DomPurfies things once, instead of doing it again and again. Also uses less variables and cleans up the logic.
2020-03-06 10:03:27 +01:00 · 2020-03-04 14:32:04 +01:00 · 2020-03-04 13:44:57 +01:00 · 2020-03-04 13:29:06 +01:00 · 2020-03-04 11:45:56 +01:00
3 changed files with 101 additions and 70 deletions
--- a/js/privatebin.js
+++ b/js/privatebin.js
@ -18,14 +18,14 @@ jQuery.fn.draghover = function() {
    return this.each(function() {
        let collection = $(),
            self = $(this);
-  
+
        self.on('dragenter', function(e) {
            if (collection.length === 0) {
                self.trigger('draghoverstart');
            }
            collection = collection.add(e.target);
        });
-  
+
        self.on('dragleave drop', function(e) {
            collection = collection.not(e.target);
            if (collection.length === 0) {
@ -374,6 +374,31 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            }
        };

+        /**
+         * formats the text that needs to be formatted, so DomPurify can properly escape it.
+         *
+         * @name   Helper.preformatTextForDomPurify
+         * @function
+         * @param  {string} html
+         * @param  {'markdown'|'syntaxhighlighting'|'plaintext'} text
+         * @return {string} new text
+         */
+        me.preformatTextForDomPurify = function(text, format)
+        {
+            if (!format) {
+                throw new TypeError('invalid format parameter');
+            }
+
+            // encode < to make sure DomPurify does not interpret e.g. HTML or XML markup as code
+            // cf. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/xmp#Summary
+            // As Markdown, by definition, is/allows HTML code, we do not do anything there.
+            if (format !== 'markdown') {
+                // one character is enough, as this is not security-relevant (all output will go through DOMPurify later)
+                text = text.replace(/</g, '&lt;');
+            }
+            return text;
+        };
+
        /**
         * convert URLs to clickable links.
         *
@ -392,7 +417,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
        me.urls2links = function(html)
        {
            return html.replace(
-                /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]*>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
+                /(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
                '<a href="$1" rel="nofollow">$1</a>'
            );
        };
@ -518,7 +543,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * calculate expiration date given initial date and expiration period
-         * 
+         *
         * @name   Helper.calculateExpirationDate
         * @function
         * @param  {Date} initialDate - may not be empty
@ -531,7 +556,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            if (typeof expirationDisplayStringOrSecondsToExpire === 'string') {
                secondsToExpiration = me.durationToSeconds(expirationDisplayStringOrSecondsToExpire);
            }
-            
+
            if (typeof secondsToExpiration !== 'number') {
                throw new Error('Cannot calculate expiration date.');
            }
@ -2504,18 +2529,25 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                return;
            }

-            // escape HTML entities, link URLs, sanitize
-            const escapedLinkedText = Helper.urls2links(text),
-                  sanitizedLinkedText = DOMPurify.sanitize(
-                    escapedLinkedText, {
-                        ALLOWED_TAGS: ['a'],
-                        ALLOWED_ATTR: ['href', 'rel']
-                    }
-                  );
-            $plainText.html(sanitizedLinkedText);
-            $prettyPrint.html(sanitizedLinkedText);
+            let processedText = Helper.preformatTextForDomPurify(text, format);
+
+            // link URLs
+            processedText = Helper.urls2links(processedText);

            switch (format) {
+                case 'syntaxhighlighting':
+                    // yes, this is really needed to initialize the environment
+                    if (typeof prettyPrint === 'function')
+                    {
+                        prettyPrint();
+                    }
+
+                    $prettyPrint.html(
+                        DOMPurify.sanitize(
+                            prettyPrintOne(processedText, null, true)
+                        )
+                    );
+                    break;
                case 'markdown':
                    const converter = new showdown.Converter({
                        strikethrough: true,
@ -2527,29 +2559,27 @@ jQuery.PrivateBin = (function($, RawDeflate) {
                    // let showdown convert the HTML and sanitize HTML *afterwards*!
                    $plainText.html(
                        DOMPurify.sanitize(
+                            // use original text, because showdown handles autolinking on it's own
                            converter.makeHtml(text)
                        )
                    );
                    // add table classes from bootstrap css
                    $plainText.find('table').addClass('table-condensed table-bordered');
                    break;
-                case 'syntaxhighlighting':
-                    // yes, this is really needed to initialize the environment
-                    if (typeof prettyPrint === 'function')
-                    {
-                        prettyPrint();
-                    }
-
-                    $prettyPrint.html(
-                        DOMPurify.sanitize(
-                            prettyPrintOne(escapedLinkedText, null, true)
-                        )
-                    );
-                    // fall through, as the rest is the same
                default: // = 'plaintext'
-                    $prettyPrint.css('white-space', 'pre-wrap');
-                    $prettyPrint.css('word-break', 'normal');
-                    $prettyPrint.removeClass('prettyprint');
+                    $prettyPrint.html(DOMPurify.sanitize(
+                        processedText, {
+                            ALLOWED_TAGS: ['a'],
+                            ALLOWED_ATTR: ['href', 'rel']
+                        }
+                    ));
+                }
+
+            // set block style for non-Markdown formatting
+            if (format !== 'markdown') {
+                $prettyPrint.css('white-space', 'pre-wrap');
+                $prettyPrint.css('word-break', 'normal');
+                $prettyPrint.removeClass('prettyprint');
            }
        }

@ -3313,7 +3343,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
         */
        me.addComment = function(comment, commentText, nickname)
        {
-            if (commentText === '') {
+            if (!commentText) {
                commentText = 'comment decryption failed';
            }

@ -3323,6 +3353,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            const $commentEntryData = $commentEntry.find('div.commentdata');

            // set & parse text
+            commentText = Helper.preformatTextForDomPurify(commentText, 'plaintext');
            $commentEntryData.html(
                DOMPurify.sanitize(
                    Helper.urls2links(commentText), {
@ -3735,11 +3766,11 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * Template Email body.
-         * 
+         *
         * @name   TopNav.templateEmailBody
-         * @private 
-         * @param {string} expirationDateString 
-         * @param {bool} isBurnafterreading 
+         * @private
+         * @param {string} expirationDateString
+         * @param {bool} isBurnafterreading
         */
        function templateEmailBody(expirationDateString, isBurnafterreading)
        {
@ -3777,10 +3808,10 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * Trigger Email send.
-         * 
+         *
         * @name   TopNav.triggerEmailSend
-         * @private 
-         * @param {string} emailBody 
+         * @private
+         * @param {string} emailBody
         */
        function triggerEmailSend(emailBody)
        {
@ -3993,7 +4024,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * show the "email" button
-         * 
+         *
         * @name   TopNav.showEmailbutton
         * @function
         * @param {int|undefined} optionalRemainingTimeInSeconds
@ -4021,7 +4052,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * hide the "email" button
-         * 
+         *
         * @name   TopNav.hideEmailButton
         * @function
         */
@ -4055,7 +4086,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * only hides the qr code button
-         * 
+         *
         * @name   TopNav.hideQrCodeButton
         * @function
         */
@ -4066,7 +4097,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * hide all irrelevant buttons when viewing burn after reading paste
-         * 
+         *
         * @name   TopNav.hideBurnAfterReadingButtons
         * @function
         */
@ -4102,7 +4133,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * hides the custom attachment
-         * 
+         *
         * @name  TopNav.hideCustomAttachment
         * @function
         */
@ -4226,7 +4257,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * Highlight file upload
-         * 
+         *
         * @name  TopNav.highlightFileupload
         * @function
         */
@ -4245,7 +4276,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * set the format on bootstrap templates in dropdown programmatically
-         * 
+         *
         * @name    TopNav.setFormat
         * @function
         */
@ -4256,7 +4287,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {

        /**
         * returns if attachment dropdown is readonly, not editable
-         * 
+         *
         * @name   TopNav.isAttachmentReadonly
         * @function
         * @return {bool}
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@ -41,38 +41,38 @@ if ($SYNTAXHIGHLIGHTING):
 endif;
 ?>
 		<noscript><link type="text/css" rel="stylesheet" href="css/noscript.css" /></noscript>
-		<script type="text/javascript" data-cfasync="false" src="js/jquery-3.4.1.js" integrity="sha512-bnIvzh6FU75ZKxp0GXLH9bewza/OIw6dLVh9ICg0gogclmYGguQJWl8U30WpbsGTqbIiAwxTsbe76DErLq5EDQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/jquery-3.4.1.js" integrity="sha512-9anGruNHwVXk3XlsUXFrdEe8Iq5EdB/Otrz+4C+VWtQGPThhPyQRCKPh8+H1QPyu2NmEi5oPuCPACVXPmhnvrQ==" crossorigin="anonymous"></script>
 <?php
 if ($QRCODE):
 ?>
-		<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.6.0.js" integrity="sha512-GEEIHvphDt1NmaxzX8X1ZkBiGKXCv+Ofzwi8SMEH5wQVWqdGIvBO/fnxxKZ90RU1bVp6srS68nHIpZo6iVcG9g==" crossorigin="anonymous"></script>
+		<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.6.0.js" integrity="sha512-mS5pSr1OST+Q29k4J4epdY+UFR9EmQ/mm96tV4QN22NHQPaWAXuDOAEAA9RAPpmY5jY2SDz8lMHN9CPysV/Dsg==" crossorigin="anonymous"></script>
 <?php
 endif;
 if ($ZEROBINCOMPATIBILITY):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/base64-1.7.js" integrity="sha512-JdwsSP3GyHR+jaCkns9CL9NTt4JUJqm/BsODGmYhBcj5EAPKcHYh+OiMfyHbcDLECe17TL0hjXADFkusAqiYgA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/base64-1.7.js" integrity="sha512-V6V3jxySWm/c62rSuY64hIU1/xYwaeQ+RJQyOzUMiZEMMlZXlnbif6/v/4v3Nck/cch7LylQU8lMplZUnIhSoA==" crossorigin="anonymous"></script>
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-Yey/0yoaVmSbqMEyyff3DIu8kCPwpHvHf7tY1AuZ1lrX9NPCMg87PwzngMi+VNbe4ilCApmePeuKT869RTcyCQ==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.7.js" integrity="sha512-/Bi1AJIP0TtxEB+Jh6Hk809H1G7vn4iJV80qagslf0+Hm0UjUi1s3qNrn1kZULjzUYuaf6ck0ndLGJ7MxWLmgQ==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/bootstrap-3.3.7.js" integrity="sha512-iztkobsvnjKfAtTNdHkGVjAYTrrtlC7mGp/54c40wowO7LhURYl3gVzzcEqGl/qKXQltJ2HwMrdLcNUdo+N/RQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-ltQiYRTMNyL8c4rObU3wsq1IY9qXWlw3ev19xbLZywKhzLy9Ys3QWkUfbokF8V1yZPGdfFqCPLGpbj+D4NhtDA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.7.js" integrity="sha512-1PEa62gwxcuweDJX3y/hE5hqV1WwUcKWdXnCPVBPu2J0QoONNH90gJSfKqdQCnsJhjMGNUWH6/UFQs1D3ufczQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-oC3qyjPVFoECDz+NY8EWEweqMF9Aobh+bxwfQsWTO+75CzsvHkZUZHiFI1iWPnCymurCZ8N1IRiA1lQstakAjw==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/bootstrap-3.3.7.js" integrity="sha512-4nvga8iY3PiT8GzEnK/LtrpuOmkQaomlAPaZPldgCzY2OSeEgRI3oaeDln2+BdV6B2nHj4B0oMOlmxa2VbHTUA==" crossorigin="anonymous"></script>
 <?php
 if ($SYNTAXHIGHLIGHTING):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/prettify.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/prettify.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-8Yo8AyWGdIAIogswah43R44ykWSTkNhgYaR4fsn49WSIsZ6GQF8HgO5ZbomYG7N459Rd2Ycl+JZTmJWovIy5TA==" crossorigin="anonymous"></script>
 <?php
 endif;
 if ($MARKDOWN):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.1.js" integrity="sha512-nRri7kqh3iRLdHbhtjfe8w9eAQPmt+ubH5U88UZyKbz6O9Q0q4haaXF0krOUclKmRJou/kKZYulgBHvHXPqOvg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.1.js" integrity="sha512-XaY4Yp8taiarnpsT49pd5AWWq9BfheHGV7MTt7ER2N5/rcq3v2DK7lbhdAhMic9eCoOD1cnBIgMCcV85ew4OSA==" crossorigin="anonymous"></script>
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-5GFThJ8KstWT1bNvB5JTAAXA+5QCNDv21foF7hSNoAc0oOxrHiUCP1ZlZs9zk4SbdIsmTSGL12Ecdj5CRISYxg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-x2Kev3A7fqc/QKCzRHoJ7qCiglgxXtY8WDUMPOUBI6jVueqRkRMGjP1IqD9iUWVuND81ckCCS27Br5M11tw0IA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3L/E22cdC3wDFXKM1i32bw4HdrfX14du2xswUKanOY6CLrD+e0hykmLvES+zfBKF1GFQFKr3OmdCVH2y+zHlsA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-orzZ0Xa2whu2x2rgs9pUPD3cbbw2kMK9GeCIQPC50/H66tgobl3LjsGNREI6s0porBoJ+Wp6icp+Z1FqyQ/bxA==" crossorigin="anonymous"></script>
 		<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
 		<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
 		<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
--- a/tpl/page.php
+++ b/tpl/page.php
@ -20,37 +20,37 @@ if ($SYNTAXHIGHLIGHTING):
    endif;
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/jquery-3.4.1.js" integrity="sha512-bnIvzh6FU75ZKxp0GXLH9bewza/OIw6dLVh9ICg0gogclmYGguQJWl8U30WpbsGTqbIiAwxTsbe76DErLq5EDQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/jquery-3.4.1.js" integrity="sha512-9anGruNHwVXk3XlsUXFrdEe8Iq5EdB/Otrz+4C+VWtQGPThhPyQRCKPh8+H1QPyu2NmEi5oPuCPACVXPmhnvrQ==" crossorigin="anonymous"></script>
 <?php
 if ($QRCODE):
 ?>
-		<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.6.0.js" integrity="sha512-GEEIHvphDt1NmaxzX8X1ZkBiGKXCv+Ofzwi8SMEH5wQVWqdGIvBO/fnxxKZ90RU1bVp6srS68nHIpZo6iVcG9g==" crossorigin="anonymous"></script>
+		<script async type="text/javascript" data-cfasync="false" src="js/kjua-0.6.0.js" integrity="sha512-mS5pSr1OST+Q29k4J4epdY+UFR9EmQ/mm96tV4QN22NHQPaWAXuDOAEAA9RAPpmY5jY2SDz8lMHN9CPysV/Dsg==" crossorigin="anonymous"></script>
 <?php
 endif;
 if ($ZEROBINCOMPATIBILITY):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/base64-1.7.js" integrity="sha512-JdwsSP3GyHR+jaCkns9CL9NTt4JUJqm/BsODGmYhBcj5EAPKcHYh+OiMfyHbcDLECe17TL0hjXADFkusAqiYgA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/base64-1.7.js" integrity="sha512-V6V3jxySWm/c62rSuY64hIU1/xYwaeQ+RJQyOzUMiZEMMlZXlnbif6/v/4v3Nck/cch7LylQU8lMplZUnIhSoA==" crossorigin="anonymous"></script>
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-Yey/0yoaVmSbqMEyyff3DIu8kCPwpHvHf7tY1AuZ1lrX9NPCMg87PwzngMi+VNbe4ilCApmePeuKT869RTcyCQ==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.7.js" integrity="sha512-/Bi1AJIP0TtxEB+Jh6Hk809H1G7vn4iJV80qagslf0+Hm0UjUi1s3qNrn1kZULjzUYuaf6ck0ndLGJ7MxWLmgQ==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-g8uelGgJW9A/Z1tB6Izxab++oj5kdD7B4qC7DHwZkB6DGMXKyzx7v5mvap2HXueI2IIn08YlRYM56jwWdm2ucQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/zlib-1.2.11.js" integrity="sha512-ltQiYRTMNyL8c4rObU3wsq1IY9qXWlw3ev19xbLZywKhzLy9Ys3QWkUfbokF8V1yZPGdfFqCPLGpbj+D4NhtDA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/base-x-3.0.7.js" integrity="sha512-1PEa62gwxcuweDJX3y/hE5hqV1WwUcKWdXnCPVBPu2J0QoONNH90gJSfKqdQCnsJhjMGNUWH6/UFQs1D3ufczQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/rawinflate-0.3.js" integrity="sha512-oC3qyjPVFoECDz+NY8EWEweqMF9Aobh+bxwfQsWTO+75CzsvHkZUZHiFI1iWPnCymurCZ8N1IRiA1lQstakAjw==" crossorigin="anonymous"></script>
 <?php
 if ($SYNTAXHIGHLIGHTING):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/prettify.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/prettify.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-8Yo8AyWGdIAIogswah43R44ykWSTkNhgYaR4fsn49WSIsZ6GQF8HgO5ZbomYG7N459Rd2Ycl+JZTmJWovIy5TA==" crossorigin="anonymous"></script>
 <?php
 endif;
 if ($MARKDOWN):
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.1.js" integrity="sha512-nRri7kqh3iRLdHbhtjfe8w9eAQPmt+ubH5U88UZyKbz6O9Q0q4haaXF0krOUclKmRJou/kKZYulgBHvHXPqOvg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/showdown-1.9.1.js" integrity="sha512-XaY4Yp8taiarnpsT49pd5AWWq9BfheHGV7MTt7ER2N5/rcq3v2DK7lbhdAhMic9eCoOD1cnBIgMCcV85ew4OSA==" crossorigin="anonymous"></script>
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-5GFThJ8KstWT1bNvB5JTAAXA+5QCNDv21foF7hSNoAc0oOxrHiUCP1ZlZs9zk4SbdIsmTSGL12Ecdj5CRISYxg==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-x2Kev3A7fqc/QKCzRHoJ7qCiglgxXtY8WDUMPOUBI6jVueqRkRMGjP1IqD9iUWVuND81ckCCS27Br5M11tw0IA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3L/E22cdC3wDFXKM1i32bw4HdrfX14du2xswUKanOY6CLrD+e0hykmLvES+zfBKF1GFQFKr3OmdCVH2y+zHlsA==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-orzZ0Xa2whu2x2rgs9pUPD3cbbw2kMK9GeCIQPC50/H66tgobl3LjsGNREI6s0porBoJ+Wp6icp+Z1FqyQ/bxA==" crossorigin="anonymous"></script>
 		<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
 		<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
 		<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
Author	SHA1	Message	Date
rugk	470e0fc33c	Add missing break in switch	2020-03-06 10:03:27 +01:00
rugk	f13a5d0a55	Cleanup variables/logic It only assigns and DomPurfies things once, instead of doing it again and again. Also uses less variables and cleans up the logic.	2020-03-04 14:32:04 +01:00
rugk	552e0cac3a	Fix .getText of PasteViewer to return original text string The issue was that I reused an existing module variable. Now we have (yet another one) temp var for that. Practically this fixes the "clone paste" button by using the original text.	2020-03-04 13:44:57 +01:00
rugk	294b8804a4	Fix source code escaping in comments Also fix comments.	2020-03-04 13:29:06 +01:00
rugk	005d223c0d	Fix source code being not rendered If special characters were included the source code (HTML-like ones like < and >) is was not rendered. Fixes https://github.com/PrivateBin/PrivateBin/issues/588 It includes a change in the RegEx for URLs because that was broken when a & character later followed at any time after a link (even after a newline). (with a negative lookahead) Test with https://regex101.com/r/i7bZ73/1 Now the RegEx does not check for _all_ chars after a link, but just for the one following the link. (So the lookahead is not * anymore. I guess thsi behaviour was the expectation when it has been implemented.)	2020-03-04 11:45:56 +01:00