From 08b324431426e053e8c5c35e9f660f60e13f0d9a Mon Sep 17 00:00:00 2001
From: Ribas160
Date: Tue, 11 Nov 2025 20:13:10 +0200
Subject: [PATCH] privatebin.js SRI and CHANGELOG.md updated
---
 CHANGELOG.md | 1 +
 lib/Configuration.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6c368725..f1707038 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,7 @@
 # PrivateBin version history
 ## 2.0.3 (not yet released)
+* FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users
 ## 2.0.2 (2025-10-28)
 * CHANGED: Upgrading libraries to: DOMpurify 3.3.0
diff --git a/lib/Configuration.php b/lib/Configuration.php
index a4909b37..ee72c43b 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -121,7 +121,7 @@ class Configuration
 'js/kjua-0.10.0.js' => 'sha512-BYj4xggowR7QD150VLSTRlzH62YPfhpIM+b/1EUEr7RQpdWAGKulxWnOvjFx1FUlba4m6ihpNYuQab51H6XlYg==',
 'js/legacy.js' => 'sha512-rGXYUpIqbFoHAgBXZ0UlJBdNAIMOC9EQ67MG0X46D5uRB8LvwzgKirbSQRGdYfk8I2jsUcm+tvHXYboUnC6DUg==',
 'js/prettify.js' => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
- 'js/privatebin.js' => 'sha512-9z0y4LGbucj4HvTPYdPewBnijDUsPsDz8zDoQdjn2+pUw6P1OzhLe0EMtySeks4tp2AyuB0mQo1JBgJgKJxAOA==',
+ 'js/privatebin.js' => 'sha512-D2cmzY2Ol+RvUvN7g6gGCYRE3CIksHOg0B/ejbYgplDA2c3CHG1l81nvChTgXWCP4+uK2N5fMoRKzwUMjEjnSA==',
 'js/purify-3.3.0.js' => 'sha512-lsHD5zxs4lu/NDzaaibe27Vd2t7Cy9JQ3qDHUvDfb4oZvKoWDNEhwUY+4bT3R68cGgpgCYp8U1x2ifeVxqurdQ==',
 'js/showdown-2.1.0.js' => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
 'js/zlib-1.3.1-1.js' => 'sha512-5bU9IIP4PgBrOKLZvGWJD4kgfQrkTz8Z3Iqeu058mbQzW3mCumOU6M3UVbVZU9rrVoVwaW4cZK8U8h5xjF88eQ==',
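Review bot: The new `js/privatebin.js` digest in the SRI table of lib/Configuration.php cannot be verified from this patch, because the diffstat lists only CHANGELOG.md and lib/Configuration.php and the script change it corresponds to is not shown. A digest that does not match the shipped file makes browsers refuse to load the script, so it should be recomputed from the committed file before merge, for example with `openssl dgst -sha512 -binary js/privatebin.js | openssl base64 -A`. If the project does not already have one, a test that hashes every file listed in this array and compares it with the stored value would catch a stale or mistyped entry automatically. The array and the enclosing `Configuration` class begin and end outside the hunk.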