mirror/0bin
1
0
Fork 0
mirror of https://github.com/Tygs/0bin.git synced 2023-08-10 21:13:00 +03:00
Code Issues Projects Releases Wiki Activity

email on bottom site + footer menu

Browse Source
This commit is contained in:
papee 2020-08-12 14:28:58 +02:00
commit eb05aaa103
5 changed files with 93 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
zerobin/static/js/behavior.js
View File

@ -37,7 +37,8 @@ const app = new Vue({
isUploading: false,
currentPaste: {
ownerKey: '',
id: ''
id: '',
type: '',
},
newPaste: {
expiration: '1_day',
@ -48,11 +49,7 @@ const app = new Vue({
and add a class to the html tag with the result */
support: {
clipboard: (function () {
var val = !!(navigator.clipboard);
document.querySelector('html').classList.add((val ? '' : 'no-') + 'clipboard');
return val;
})(),
clipboard: !!(isSecureContext && navigator.clipboard && navigator.clipboard.writeText),
localStorage: (function () {
var val = !!(localStorage);
@ -157,23 +154,7 @@ const app = new Vue({
copyToClipboard: () => {
var pasteContent = zerobin.getPasteContent();
let promise;
if (pasteContent.indexOf("data:image") === 0) {
promise = fetch(pasteContent).then((res) => {
return res.blob().then(blob => {
return navigator.clipboard.write([
new ClipboardItem({
[blob.type]: blob
})
])
})
})
} else {
promise = navigator.clipboard.writeText(pasteContent);
}
let promise = navigator.clipboard.writeText(pasteContent);
promise.then(function () {
zerobin.message('info', 'The paste is now in your clipboard', '', true);
@ -765,6 +746,7 @@ if (content && key) {
if (content.indexOf('data:image') == 0) {
// Display Image
app.currentPaste.type = "image";
let pasteContent = document.querySelector('#paste-content');
pasteContent.style.display = "none";
@ -782,6 +764,8 @@ if (content && key) {
url: content
}
} else {
app.currentPaste.type = "text"
}
bar.set('Code coloration...', '95%');
@ -821,9 +805,9 @@ if (content && key) {
} /* End of "DECRYPTION" */
/* Display bottom paste option buttons when needed */
window.onload = function () {
/* Display bottom paste option buttons when needed */
["keyup", "change"].forEach((event) => {
let content = document.getElementById("content");
content.addEventListener(event, () => {
@ -861,3 +845,15 @@ if (app.support.history && zerobin.paste_not_found) {
}
})
}
/* Autofit text area height */
const tx = document.getElementsByTagName('textarea');
for (let i = 0; i < tx.length; i++) {
tx[i].setAttribute('style', 'height:' + (tx[i].scrollHeight) + 'px;overflow-y:hidden;');
tx[i].addEventListener("input", OnInput, false);
}
function OnInput() {
this.style.height = 'auto';
this.style.height = (this.scrollHeight) + 'px';
}

2
zerobin/views/base.tpl
View File

@ -102,7 +102,7 @@
<script src="/static/js/additional.min.js?{{ settings.VERSION }}"></script>
%else:
<script src="/static/js/lzw.js"></script>
<script src="/static/js/prettify.min.js"></script>
<script src="/static/js/prettify.min.js"></script>
%end
<p id="alert-template" class="alert-primary">

124
zerobin/views/faq.tpl
View File

@ -1,68 +1,74 @@
<div class="well" id="faq">
<h1>FAQ</h1>
<h1>FAQ</h1>
<table>
<tr>How does 0bin work?</tr>
<td>
<p>A random key is generated and used to encrypt the paste, thanks to
the <a href="http://crypto.stanford.edu/sjcl/">sjcl</a>
JavaScript library.</p>
<p>The encrypted content is then sent to the server, which returns the
address of the newly created paste.</p>
<p>The JavaScript code redirects to this address, but it adds the
encryption key in the URL hash (#).</p>
<p>When somebody wants to read the paste, they will usually click on a link
with this URL. If the hash containing the key is a part of it, 0bin's
JavaScript will use it to decrypt the content sent by the server.</p>
<p>The browser never sends the hash to the server, so the latter does not
receives the key at any time.</p>
</td>
<table>
<tr>How does 0bin work?</tr>
<td>
<p>A random key is generated and used to encrypt the paste, thanks to
the <a href="http://crypto.stanford.edu/sjcl/">sjcl</a>
JavaScript library.</p>
<p>The encrypted content is then sent to the server, which returns the
address of the newly created paste.</p>
<p>The JavaScript code redirects to this address, but it adds the
encryption key in the URL hash (#).</p>
<p>When somebody wants to read the paste, they will usually click on a link
with this URL. If the hash containing the key is a part of it, 0bin's
JavaScript will use it to decrypt the content sent by the server.</p>
<p>The browser never sends the hash to the server, so the latter does not
receives the key at any time.</p>
</td>
<tr>But JavaScript encryption is not secure!</tr>
<td>
<p>No, it isn't.</p>
<p>The goal of 0bin is <strong>not</strong> to protect the user and their data
(including, obviously, their secrets).</p>
<p>Instead, it aims to protect the host from being sued for the
content users pasted on the pastebin. The idea is that you cannot
require somebody to moderate something they cannot read - as such,
the host is granted plausible deniability.</p>
<tr>But JavaScript encryption is not secure!</tr>
<td>
<p>No, it isn't.</p>
<p>The goal of 0bin is <strong>not</strong> to protect the user and their data
(including, obviously, their secrets).</p>
<p>Instead, it aims to protect the host from being sued for the
content users pasted on the pastebin. The idea is that you cannot
require somebody to moderate something they cannot read - as such,
the host is granted plausible deniability.</p>
<p>Remember that as an user, you should use 0bin in the same way as unencrypted and
insecure pastebins - that is, with caution. The only difference with those is that if
you decide to host a 0bin server, the encryption feature hopefully be used as a defense.
This is not proven, though! :-)
<p>Remember that as an user, you should use 0bin in the same way as unencrypted and
insecure pastebins - that is, with caution. The only difference with those is that if
you decide to host a 0bin server, the encryption feature hopefully be used as a defense.
This is not proven, though! :-)
</td>
<tr>What if the server changes the JavaScript code? And what happens in the case of a <a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">MITM attack</a>?</tr>
<td>
<p>Read above.</p>
<p>0bin is not built, and does not aim, to protect user data - but rather the host.
If any user data is compromised, 0bin still provides the host with
plausible deniability (as they ignore the content of the pastes).</p>
<p>It would make no sense if the host was to compromise the encryption process
to read the data; in that case, they wouldn't have
installed 0bin in the first place, as 0bin is here to protect them.</p>
<p><strong>However, if you want to ensure your data is not read in anyway, you should
not use 0bin</strong>. Use <a href="http://www.cypherpunks.ca/otr/">OTR</a> for chatting,
<a href="https://gnupg.org/">GnuPG</a> for encrypted & verified data sharing, with <a href="https://www.enigmail.net/">EnigMail</a>
for emails.</p>
<p>It would be unlikely for those softwares to fail you. Errors will nearly always come from your side - you ought to have a perfect <a href="https://en.wikipedia.org/wiki/Operations_security">operations security</a>
if you do not want your data to be leaked. Remember to use your common sense.</p>
</td>
<tr>How did the idea of 0bin emerge?</tr>
<td>
<p>0bin is based on <a href="http://sebsauvage.net/wiki/doku.php?id=php:zerobin">sebsauvage's work</a>.
The project sprang as a reaction to <a href="https://www.zdnet.com/blog/security/pastebin-to-hunt-for-hacker-pastes-anonymous-cries-censorship/11336">the implementation of a moderation system on Pastebin</a>,
due to the significant amount of illegal content pasted on it, or that it linked to.</p>
</td>
<tr>How can I get 0bin?</tr>
<td>
<p>0bin is an open-source project, and the code is hosted on <a href="https://github.com/sametmax/0bin">GitHub</a>.
You can either download a tarball or clone the repository.</p>
</td>
</table>
</td>
<tr>What if the server changes the JavaScript code? And what happens in the case of a <a
href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">MITM attack</a>?</tr>
<td>
<p>Read above.</p>
<p>0bin is not built, and does not aim, to protect user data - but rather the host.
If any user data is compromised, 0bin still provides the host with
plausible deniability (as they ignore the content of the pastes).</p>
<p>It would make no sense if the host was to compromise the encryption process
to read the data; in that case, they wouldn't have
installed 0bin in the first place, as 0bin is here to protect them.</p>
<p><strong>However, if you want to ensure your data is not read in anyway, you should
not use 0bin</strong>. Use <a href="http://www.cypherpunks.ca/otr/">OTR</a> for chatting,
<a href="https://gnupg.org/">GnuPG</a> for encrypted & verified data sharing, with <a
href="https://www.enigmail.net/">EnigMail</a>
for emails.</p>
<p>It would be unlikely for those softwares to fail you. Errors will nearly always come from your side - you
ought to have a perfect <a href="https://en.wikipedia.org/wiki/Operations_security">operations security</a>
if you do not want your data to be leaked. Remember to use your common sense.</p>
</td>
<tr>How did the idea of 0bin emerge?</tr>
<td>
<p>0bin is based on <a href="http://sebsauvage.net/wiki/doku.php?id=php:zerobin">sebsauvage's work</a>.
The project sprang as a reaction to <a
href="https://www.zdnet.com/blog/security/pastebin-to-hunt-for-hacker-pastes-anonymous-cries-censorship/11336">the
implementation of a moderation system on Pastebin</a>,
due to the significant amount of illegal content pasted on it, or that it linked to.</p>
</td>
<tr>How can I get 0bin?</tr>
<td>
<p>0bin is an open-source project, and the code is hosted on <a
href="https://github.com/sametmax/0bin">GitHub</a>.
You can either download a tarball or clone the repository.</p>
</td>
</table>
</div>

2
zerobin/views/home.tpl
View File

@ -32,7 +32,7 @@
<div class="progress-bar progress-bar-striped" role="progressbar"></div>
</div>
<textarea rows="10" style="width:100%;" class="form-control" id="content" name="content" autofocus
@keydown.prevent.ctrl.enter="encryptAndSendPaste()"></textarea>
@keydown.ctrl.enter="encryptAndSendPaste()"></textarea>
</div>
<div class="form-group select-date paste-option down" v-if="displayBottomToolBar">

8
zerobin/views/paste.tpl
View File

@ -19,14 +19,16 @@
%end
%end
<h1>{% currentPaste.type %}</h1>
<div class="well paste-form">
<form action="/" method="get" accept-charset="utf-8">
<div class="d-flex justify-content-between">
<div class="btn-group" role="group">
<button v-if="support.clipboard" @click.prevent="copyToClipboard()" type="button" id="clip-button"
class="btn btn-secondary">Copy To Clipboard</button>
<button v-if="support.clipboard && currentPaste.type === 'text'" @click.prevent="copyToClipboard()"
type="button" id="clip-button" class="btn btn-secondary">Copy to clipboard</button>
<button type="button" id="email-link" class="btn btn-secondary" @click="handleSendByEmail($event)">Email
this</button>
</div>
@ -119,7 +121,7 @@
</div>
<div>
<textarea rows="10" style="width:100%;" class=" form-control" @keydown.prevent.ctrl.enter="encryptAndSendPaste()"
<textarea rows="10" style="width:100%;" class=" form-control" @keydown.ctrl.enter="encryptAndSendPaste()"
id="content" name="content"></textarea>
</div>