reverting escaping just for Markdown formatting, as discussed in #269

El RIDO 2018-01-03 21:18:33 +01:00
parent a95701bba8
commit 5e070db6a1
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
4 changed files with 9 additions and 8 deletions


@ -1700,8 +1700,11 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
return;
}
// set sanitized and linked text
var sanitizedLinkedText = DOMPurify.sanitize(Helper.urls2links(text));
// escape HTML entities, link URLs, sanitize
var escapedLinkedText = Helper.urls2links(
$('<div />').text(text).html()
),
sanitizedLinkedText = DOMPurify.sanitize(escapedLinkedText);
$plainText.html(sanitizedLinkedText);
$prettyPrint.html(sanitizedLinkedText);
@ -1728,7 +1731,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
$prettyPrint.html(
DOMPurify.sanitize(
prettyPrintOne(Helper.urls2links(text), null, true)
prettyPrintOne(escapedLinkedText, null, true)
)
);
// fall through, as the rest is the same
@ -1824,8 +1827,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
*/
me.setText = function(newText)
{
// escape HTML entities
newText = $('<div />').text(newText).html();
if (text !== newText) {
text = newText;
isChanged = true;
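Review bot: With the escaping removed from `me.setText` (third hunk), `text` now holds the raw paste content, and the only escaping left in this section is the `$('<div />').text(text).html()` call that builds `escapedLinkedText` in the first hunk. Any render path that does not go through `escapedLinkedText` (presumably the Markdown branch, which is outside the visible hunks) now depends on `DOMPurify.sanitize` alone to neutralise markup. I would record that invariant in the `me.setText` docblock, e.g. `// text is stored unescaped; every render path must escape or sanitize it before writing to the DOM`, and confirm that each place that writes `text` into the page still passes it through DOMPurify. The enclosing functions start and end outside the hunks, so the other consumers of `text` cannot be checked from here.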