mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2025-01-01 14:45:05 +01:00
Merge branch 'preview-encoding'
This commit is contained in:
commit
7abfe56910
4 changed files with 73 additions and 64 deletions
|
@ -375,7 +375,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* convert URLs to clickable links.
|
* convert URLs to clickable links in the provided element.
|
||||||
*
|
*
|
||||||
* URLs to handle:
|
* URLs to handle:
|
||||||
* <pre>
|
* <pre>
|
||||||
|
@ -386,14 +386,15 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||||
*
|
*
|
||||||
* @name Helper.urls2links
|
* @name Helper.urls2links
|
||||||
* @function
|
* @function
|
||||||
* @param {string} html
|
* @param {HTMLElement} element
|
||||||
* @return {string}
|
|
||||||
*/
|
*/
|
||||||
me.urls2links = function(html)
|
me.urls2links = function(element)
|
||||||
{
|
{
|
||||||
return html.replace(
|
element.html(
|
||||||
/(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]*>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
|
element.html().replace(
|
||||||
'<a href="$1" rel="nofollow">$1</a>'
|
/(((https?|ftp):\/\/[\w?!=&.\/-;#@~%+*-]+(?![\w\s?!&.\/;#~%"=-]>))|((magnet):[\w?=&.\/-;#@~%+*-]+))/ig,
|
||||||
|
'<a href="$1" rel="nofollow">$1</a>'
|
||||||
|
)
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -2504,36 +2505,24 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// escape HTML entities, link URLs, sanitize
|
if (format === 'markdown') {
|
||||||
const escapedLinkedText = Helper.urls2links(text),
|
const converter = new showdown.Converter({
|
||||||
sanitizedLinkedText = DOMPurify.sanitize(
|
strikethrough: true,
|
||||||
escapedLinkedText, {
|
tables: true,
|
||||||
ALLOWED_TAGS: ['a'],
|
tablesHeaderId: true,
|
||||||
ALLOWED_ATTR: ['href', 'rel']
|
simplifiedAutoLink: true,
|
||||||
}
|
excludeTrailingPunctuationFromURLs: true
|
||||||
);
|
});
|
||||||
$plainText.html(sanitizedLinkedText);
|
// let showdown convert the HTML and sanitize HTML *afterwards*!
|
||||||
$prettyPrint.html(sanitizedLinkedText);
|
$plainText.html(
|
||||||
|
DOMPurify.sanitize(
|
||||||
switch (format) {
|
converter.makeHtml(text)
|
||||||
case 'markdown':
|
)
|
||||||
const converter = new showdown.Converter({
|
);
|
||||||
strikethrough: true,
|
// add table classes from bootstrap css
|
||||||
tables: true,
|
$plainText.find('table').addClass('table-condensed table-bordered');
|
||||||
tablesHeaderId: true,
|
} else {
|
||||||
simplifiedAutoLink: true,
|
if (format === 'syntaxhighlighting') {
|
||||||
excludeTrailingPunctuationFromURLs: true
|
|
||||||
});
|
|
||||||
// let showdown convert the HTML and sanitize HTML *afterwards*!
|
|
||||||
$plainText.html(
|
|
||||||
DOMPurify.sanitize(
|
|
||||||
converter.makeHtml(text)
|
|
||||||
)
|
|
||||||
);
|
|
||||||
// add table classes from bootstrap css
|
|
||||||
$plainText.find('table').addClass('table-condensed table-bordered');
|
|
||||||
break;
|
|
||||||
case 'syntaxhighlighting':
|
|
||||||
// yes, this is really needed to initialize the environment
|
// yes, this is really needed to initialize the environment
|
||||||
if (typeof prettyPrint === 'function')
|
if (typeof prettyPrint === 'function')
|
||||||
{
|
{
|
||||||
|
@ -2541,15 +2530,18 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||||
}
|
}
|
||||||
|
|
||||||
$prettyPrint.html(
|
$prettyPrint.html(
|
||||||
DOMPurify.sanitize(
|
prettyPrintOne(
|
||||||
prettyPrintOne(escapedLinkedText, null, true)
|
Helper.htmlEntities(text), null, true
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
// fall through, as the rest is the same
|
} else {
|
||||||
default: // = 'plaintext'
|
// = 'plaintext'
|
||||||
$prettyPrint.css('white-space', 'pre-wrap');
|
$prettyPrint.text(text);
|
||||||
$prettyPrint.css('word-break', 'normal');
|
}
|
||||||
$prettyPrint.removeClass('prettyprint');
|
Helper.urls2links($prettyPrint);
|
||||||
|
$prettyPrint.css('white-space', 'pre-wrap');
|
||||||
|
$prettyPrint.css('word-break', 'normal');
|
||||||
|
$prettyPrint.removeClass('prettyprint');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3323,14 +3315,8 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||||
const $commentEntryData = $commentEntry.find('div.commentdata');
|
const $commentEntryData = $commentEntry.find('div.commentdata');
|
||||||
|
|
||||||
// set & parse text
|
// set & parse text
|
||||||
$commentEntryData.html(
|
$commentEntryData.text(commentText);
|
||||||
DOMPurify.sanitize(
|
Helper.urls2links($commentEntryData);
|
||||||
Helper.urls2links(commentText), {
|
|
||||||
ALLOWED_TAGS: ['a'],
|
|
||||||
ALLOWED_ATTR: ['href', 'rel']
|
|
||||||
}
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
// set nickname
|
// set nickname
|
||||||
if (nickname.length > 0) {
|
if (nickname.length > 0) {
|
||||||
|
|
|
@ -81,7 +81,15 @@ describe('Helper', function () {
|
||||||
'ignores non-URL content',
|
'ignores non-URL content',
|
||||||
'string',
|
'string',
|
||||||
function (content) {
|
function (content) {
|
||||||
return content === $.PrivateBin.Helper.urls2links(content);
|
content = content.replace(/\r/g, '\n').replace(/\u0000/g, '');
|
||||||
|
let clean = jsdom();
|
||||||
|
$('body').html('<div id="foo"></div>');
|
||||||
|
let e = $('#foo');
|
||||||
|
e.text(content);
|
||||||
|
$.PrivateBin.Helper.urls2links(e);
|
||||||
|
let result = e.text();
|
||||||
|
clean();
|
||||||
|
return content === result;
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
jsc.property(
|
jsc.property(
|
||||||
|
@ -95,9 +103,12 @@ describe('Helper', function () {
|
||||||
function (prefix, schema, address, query, fragment, postfix) {
|
function (prefix, schema, address, query, fragment, postfix) {
|
||||||
query = query.join('');
|
query = query.join('');
|
||||||
fragment = fragment.join('');
|
fragment = fragment.join('');
|
||||||
prefix = $.PrivateBin.Helper.htmlEntities(prefix);
|
prefix = prefix.replace(/\r/g, '\n').replace(/\u0000/g, '');
|
||||||
postfix = ' ' + $.PrivateBin.Helper.htmlEntities(postfix);
|
postfix = ' ' + postfix.replace(/\r/g, '\n').replace(/\u0000/g, '');
|
||||||
let url = schema + '://' + address.join('') + '/?' + query + '#' + fragment;
|
let url = schema + '://' + address.join('') + '/?' + query + '#' + fragment,
|
||||||
|
clean = jsdom();
|
||||||
|
$('body').html('<div id="foo"></div>');
|
||||||
|
let e = $('#foo');
|
||||||
|
|
||||||
// special cases: When the query string and fragment imply the beginning of an HTML entity, eg. � or &#x
|
// special cases: When the query string and fragment imply the beginning of an HTML entity, eg. � or &#x
|
||||||
if (
|
if (
|
||||||
|
@ -108,8 +119,12 @@ describe('Helper', function () {
|
||||||
url = schema + '://' + address.join('') + '/?' + query.substring(0, query.length - 1);
|
url = schema + '://' + address.join('') + '/?' + query.substring(0, query.length - 1);
|
||||||
postfix = '';
|
postfix = '';
|
||||||
}
|
}
|
||||||
|
e.text(prefix + url + postfix);
|
||||||
return prefix + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + postfix);
|
$.PrivateBin.Helper.urls2links(e);
|
||||||
|
let result = e.html();
|
||||||
|
clean();
|
||||||
|
url = $('<div />').text(url).html();
|
||||||
|
return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + $('<div />').text(postfix).html() === result;
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
jsc.property(
|
jsc.property(
|
||||||
|
@ -118,10 +133,18 @@ describe('Helper', function () {
|
||||||
jsc.array(common.jscQueryString()),
|
jsc.array(common.jscQueryString()),
|
||||||
'string',
|
'string',
|
||||||
function (prefix, query, postfix) {
|
function (prefix, query, postfix) {
|
||||||
prefix = $.PrivateBin.Helper.htmlEntities(prefix);
|
prefix = prefix.replace(/\r/g, '\n').replace(/\u0000/g, '');
|
||||||
postfix = $.PrivateBin.Helper.htmlEntities(postfix);
|
postfix = ' ' + postfix.replace(/\r/g, '\n').replace(/\u0000/g, '');
|
||||||
let url = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,'');
|
let url = 'magnet:?' + query.join('').replace(/^&+|&+$/gm,''),
|
||||||
return prefix + '<a href="' + url + '" rel="nofollow">' + url + '</a> ' + postfix === $.PrivateBin.Helper.urls2links(prefix + url + ' ' + postfix);
|
clean = jsdom();
|
||||||
|
$('body').html('<div id="foo"></div>');
|
||||||
|
let e = $('#foo');
|
||||||
|
e.text(prefix + url + postfix);
|
||||||
|
$.PrivateBin.Helper.urls2links(e);
|
||||||
|
let result = e.html();
|
||||||
|
clean();
|
||||||
|
url = $('<div />').text(url).html();
|
||||||
|
return $('<div />').text(prefix).html() + '<a href="' + url + '" rel="nofollow">' + url + '</a>' + $('<div />').text(postfix).html() === result;
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
|
@ -72,7 +72,7 @@ endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-5GFThJ8KstWT1bNvB5JTAAXA+5QCNDv21foF7hSNoAc0oOxrHiUCP1ZlZs9zk4SbdIsmTSGL12Ecdj5CRISYxg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-QxNK2redCFTgf0W/sniAeqIiX4LOSrqONVTEgt1pQOMgbItohHiV/gx0EV/36Wz+pTtDsqiP2GIvQp+C4ki8Pg==" crossorigin="anonymous"></script>
|
||||||
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
|
<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
|
||||||
|
|
|
@ -50,7 +50,7 @@ endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-2.0.8.js" integrity="sha512-QwcEKGuEmKtMguCO9pqNtUtZqq9b/tJ8gNr5qhY8hykq3zKTlDOvpZAmf6Rs8yH35Bz1ZdctUjj2qEWxT5aXCg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-5GFThJ8KstWT1bNvB5JTAAXA+5QCNDv21foF7hSNoAc0oOxrHiUCP1ZlZs9zk4SbdIsmTSGL12Ecdj5CRISYxg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-QxNK2redCFTgf0W/sniAeqIiX4LOSrqONVTEgt1pQOMgbItohHiV/gx0EV/36Wz+pTtDsqiP2GIvQp+C4ki8Pg==" crossorigin="anonymous"></script>
|
||||||
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
|
<link rel="icon" type="image/png" href="img/favicon-16x16.png?<?php echo rawurlencode($VERSION); ?>" sizes="16x16" />
|
||||||
|
|
Loading…
Reference in a new issue