Merge pull request #1688 from PrivateBin/purify-3.3.0

update DOMPurify library from 3.2.7 to 3.3.0
El RIDO 2025-10-28 11:44:34 +01:00 committed by GitHub
commit 392e160006
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 8 additions and 7 deletions


@ -1,6 +1,7 @@
# PrivateBin version history
## 2.0.2 (not yet released)
* CHANGED: Upgrading libraries to: DOMpurify 3.3.0
* CHANGED: Refactored jQuery DOM element creation into plain JavaScript
* FIXED: Sanitize file name in attachment size hint


@ -15,7 +15,7 @@ require('./prettify');
global.prettyPrint = window.PR.prettyPrint;
global.prettyPrintOne = window.PR.prettyPrintOne;
global.showdown = require('./showdown-2.1.0');
global.DOMPurify = require('./purify-3.2.7');
global.DOMPurify = require('./purify-3.3.0');
global.baseX = require('./base-x-5.0.1').baseX;
global.Legacy = require('./legacy').Legacy;
require('./privatebin');

File diff suppressed because one or more lines are too long

2
js/purify-3.3.0.js Normal file

File diff suppressed because one or more lines are too long


@ -160,7 +160,7 @@ describe('AttachmentViewer', function () {
const maliciousFileNames = [
'<script>alert("☹️");//<a',
'"><meta http-equiv="refresh" content="0;url=http://example.com/">.txt',
'"><meta http-equiv="refresh" content="0;url=http://example.com/">.txt'
];
for (const filename of maliciousFileNames) {
$.PrivateBin.AttachmentViewer.setAttachment('data:;base64,', filename);


@ -122,7 +122,7 @@ class Configuration
'js/legacy.js' => 'sha512-rGXYUpIqbFoHAgBXZ0UlJBdNAIMOC9EQ67MG0X46D5uRB8LvwzgKirbSQRGdYfk8I2jsUcm+tvHXYboUnC6DUg==',
'js/prettify.js' => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
'js/privatebin.js' => 'sha512-7b9PUe3bhiZAjMlNMuRMLkiiTx4CpIlh/L/XAfj+zmQ0DUFXIVkdliOLEZixXliYc3N97OOZEJPpRA7VYMLyjw==',
'js/purify-3.2.7.js' => 'sha512-2H9wzIiPQCOsh7T3hK/WuqWIwSQ2oYq91doyrp1LcnXuPyxzehopypz16wiWqxmMjx2cVIqAWCoRp1gNZAsFEQ==',
'js/purify-3.3.0.js' => 'sha512-lsHD5zxs4lu/NDzaaibe27Vd2t7Cy9JQ3qDHUvDfb4oZvKoWDNEhwUY+4bT3R68cGgpgCYp8U1x2ifeVxqurdQ==',
'js/showdown-2.1.0.js' => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
'js/zlib-1.3.1-1.js' => 'sha512-5bU9IIP4PgBrOKLZvGWJD4kgfQrkTz8Z3Iqeu058mbQzW3mCumOU6M3UVbVZU9rrVoVwaW4cZK8U8h5xjF88eQ==',
),
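Review bot: The new `'js/purify-3.3.0.js'` digest cannot be checked against the vendored file from this page, because the diff of the library itself is suppressed as too long and the commit description does not say where the file was obtained. Before merging, recompute the SHA-512 of the committed `js/purify-3.3.0.js` and compare both the file and the digest with the upstream DOMPurify 3.3.0 release artifact. If these entries feed the `integrity` attribute emitted by `_scriptTag` (presumably; that code is not visible here), a wrong value would stop the sanitizer from loading, while a matching value over a modified file would pin that modification. The array this hunk edits starts and ends outside the hunk.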


@ -65,7 +65,7 @@ if ($MARKDOWN) :
<?php
endif;
?>
<?php $this->_scriptTag('js/purify-3.2.7.js', 'defer'); ?>
<?php $this->_scriptTag('js/purify-3.3.0.js', 'defer'); ?>
<?php $this->_scriptTag('js/legacy.js', 'defer'); ?>
<?php $this->_scriptTag('js/privatebin.js', 'defer'); ?>
<!-- icon -->


@ -49,7 +49,7 @@ if ($MARKDOWN) :
<?php
endif;
?>
<?php $this->_scriptTag('js/purify-3.2.7.js', 'defer'); ?>
<?php $this->_scriptTag('js/purify-3.3.0.js', 'defer'); ?>
<?php $this->_scriptTag('js/legacy.js', 'defer'); ?>
<?php $this->_scriptTag('js/privatebin.js', 'defer'); ?>
<!-- icon -->