From 15643689fdc7a9e2bf8d9f482736a3581409041f Mon Sep 17 00:00:00 2001
From: Cloudscape Germany <418352+cloudscape-germany@users.noreply.github.com>
Date: Sat, 24 Jan 2026 12:40:44 +0100
Subject: [PATCH 01/10] Add exhaustive list of bot identifiers to badBotUA array - Minimizes false positives by using specific patterns like 'bot/', '-bot' - Catches most bot variants without being overly broad - Maintains case-sensitivity for precision - Includes both common patterns and specific known bots
---
 js/legacy.js | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 65 insertions(+), 2 deletions(-)
diff --git a/js/legacy.js b/js/legacy.js
index 38f3cb2d..e0d96c92 100644
--- a/js/legacy.js
+++ b/js/legacy.js
@@ -59,8 +59,71 @@
 * @readonly
 */
 var badBotUA = [
- 'Bot',
- 'bot'
+ // Generic bot identifiers
+ 'bot/',
+ 'Bot/',
+ '-bot',
+ '-Bot',
+ 'crawler',
+ 'Crawler',
+ 'spider',
+ 'Spider',
+ 'scraper',
+ 'Scraper',
+
+ // Search Engines
+ 'Googlebot',
+ 'Mediapartners-Google',
+ 'AdsBot-Google',
+ 'bingbot',
+ 'msnbot',
+ 'BingPreview',
+ 'Yahoo! Slurp',
+ 'Baiduspider',
+ 'YandexBot',
+ 'DuckDuckBot',
+
+ // SEO & Analytics
+ 'AhrefsBot',
+ 'SemrushBot',
+ 'MJ12bot',
+ 'rogerbot',
+ 'Screaming Frog',
+
+ // Social Media
+ 'facebookexternalhit',
+ 'Facebot',
+ 'Twitterbot',
+ 'LinkedInBot',
+ 'Pinterestbot',
+ 'Slackbot',
+
+ // AI & LLM
+ 'GPTBot',
+ 'ChatGPT-User',
+ 'OAI-SearchBot',
+ 'ClaudeBot',
+ 'anthropic-ai',
+ 'PerplexityBot',
+
+ // Monitoring & Uptime
+ 'Pingdom',
+ 'UptimeRobot',
+ 'BetterStackBot',
+ 'cron-job.org',
+
+ // Security Scanners
+ 'CensysInspect',
+ 'Shodan',
+ 'BitSightBot',
+
+ // Other Common Crawlers
+ '80legs',
+ 'ia_archiver',
+ 'Teoma',
+ 'Linguee Bot',
+ 'AddThis.com robot',
+ 'Speedy Spider'
 ];
 
 /**
From 968ec9cadab2a1015202f585bc87ec631112db0a Mon Sep 17 00:00:00 2001
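Review bot: js/legacy.js is pinned by an SRI hash in lib/Configuration.php (the `'js/legacy.js' => 'sha512-…'` entry visible in PATCH 03 and PATCH 10), and this commit changes the file without touching that entry; the same holds for PATCH 02 and PATCH 04 to 09. If that hash is emitted as an `integrity` attribute, browsers would refuse to load legacy.js on every intermediate commit until PATCH 10/10 lands, which makes the series awkward to bisect or to deploy from a mid-series checkout. Updating the hash in the commit that changes the file, as PATCH 03 does for js/privatebin.js, or squashing the list edits into one commit, closes that window.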
From: Cloudscape Germany <418352+cloudscape-germany@users.noreply.github.com>
Date: Sat, 24 Jan 2026 12:55:59 +0100
Subject: [PATCH 02/10] Fix JSDoc type for badBotUA variable Update JSDoc type annotation for badBotUA variable
---
 js/legacy.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/js/legacy.js b/js/legacy.js
index e0d96c92..a648df9d 100644
--- a/js/legacy.js
+++ b/js/legacy.js
@@ -55,7 +55,7 @@
 * blacklist of UserAgents (parts) known to belong to a bot
 *
 * @private
- * @enum {Array}
+ * @type {string[]}
 * @readonly
 */
 var badBotUA = [
From 0ed48c455f7c393f35a4d04e21ada214e92a8e7f Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Sun, 25 Jan 2026 09:26:14 +0100
Subject: [PATCH 03/10] address unneeded defensive code lint IMHO this check is actually necessary, as we do call the function with an empty argument. So we need a guard there, but we could simplify it a bit, by making the argument an empty array by default. I still kept the check for undefined (line 3249, first check) in case the caller passes us an undefined variable. See: https://github.com/PrivateBin/PrivateBin/security/quality/rules/js%2Funneeded-defensive-code - Copilot suggested to simply remove the if-condition and its else block, which I think is wrong.
---
 js/privatebin.js | 12 ++++++------
 lib/Configuration.php | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/js/privatebin.js b/js/privatebin.js
index a6cdfd6e..6d618e6f 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -3234,7 +3234,7 @@ jQuery.PrivateBin = (function($) {
 * @param {FileList[]} loadedFiles (optional) loaded files array
 * @see {@link https://developer.mozilla.org/en-US/docs/Web/API/FileReader#readAsDataURL()}
 */
- function readFileData(loadedFiles) {
+ function readFileData(loadedFiles = []) {
 // Clear old cache
 me.removeAttachmentData();
 
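Review bot: The JSDoc above the changed signature of readFileData still reads `@param {FileList[]} loadedFiles (optional) loaded files array`, which no longer describes the code: the parameter now defaults to an empty array, and the following hunk treats it as an array of file objects (`loadedFiles.map(... loadedFile.name)`). I would write it as `@param {File[]} [loadedFiles=[]] files handed over by the caller; when empty, the file input is read instead`. With the default in place, the `loadedFiles &&` guard in the next hunk only matters for an explicit `null`, which deserves a one-line comment there. The function body continues outside this hunk.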
@@ -3246,15 +3246,15 @@ jQuery.PrivateBin = (function($) {
 return;
 }
 
- if (loadedFiles === undefined) {
- loadedFiles = [...$fileInput[0].files];
- me.clearDragAndDrop();
- } else {
+ if (loadedFiles && loadedFiles.length > 0) {
 const fileNames = loadedFiles.map((loadedFile => loadedFile.name));
 printDragAndDropFileNames(fileNames);
+ } else {
+ loadedFiles = [...$fileInput[0].files];
+ me.clearDragAndDrop();
 }
 
- if (typeof loadedFiles !== 'undefined') {
+ if (loadedFiles.length > 0) {
 files = loadedFiles;
 loadedFiles.forEach((loadedFile, index) => {
 const fileReader = new FileReader();
diff --git a/lib/Configuration.php b/lib/Configuration.php
index 66d98419..ccc2f156 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -122,7 +122,7 @@ class Configuration
 'js/kjua-0.10.0.js' => 'sha512-BYj4xggowR7QD150VLSTRlzH62YPfhpIM+b/1EUEr7RQpdWAGKulxWnOvjFx1FUlba4m6ihpNYuQab51H6XlYg==',
 'js/legacy.js' => 'sha512-rGXYUpIqbFoHAgBXZ0UlJBdNAIMOC9EQ67MG0X46D5uRB8LvwzgKirbSQRGdYfk8I2jsUcm+tvHXYboUnC6DUg==',
 'js/prettify.js' => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
- 'js/privatebin.js' => 'sha512-a8zeCawerrfYBa3x0fiaqZMtR1k9Fd0ZKMl2rhR2M7q25dGHDaoZOzn5xk9AiNHR+Enn7srauqOxnnI1XlooCw==',
+ 'js/privatebin.js' => 'sha512-2ybiXcPP5nF8Vv5mD03EW9jCQEC25adiwp+nMRELSSXCAL1KErWMYS9mVOsUeRSlvnzHrRw19DGpF0gmIZFXbw==',
 'js/purify-3.3.0.js' => 'sha512-lsHD5zxs4lu/NDzaaibe27Vd2t7Cy9JQ3qDHUvDfb4oZvKoWDNEhwUY+4bT3R68cGgpgCYp8U1x2ifeVxqurdQ==',
 'js/showdown-2.1.0.js' => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
 'js/zlib-1.3.1-1.js' => 'sha512-5bU9IIP4PgBrOKLZvGWJD4kgfQrkTz8Z3Iqeu058mbQzW3mCumOU6M3UVbVZU9rrVoVwaW4cZK8U8h5xjF88eQ==',
From 0f4ac5e98e7be3a51e828a463957f7bf65d2ff23 Mon Sep 17 00:00:00 2001
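Review bot: When no file is available at all, `files` is no longer reset: the old code always reached `files = loadedFiles` (the `typeof` test was always true by that point), while the new `if (loadedFiles.length > 0)` skips the assignment for an empty list. Unless `me.removeAttachmentData()` also clears `files` (not visible here), a previously selected attachment could stay referenced after the user cleared the selection and end up in a later paste. Moving `files = loadedFiles;` above the length check keeps the old reset. An explicitly passed empty array now also falls back to `$fileInput[0].files` instead of being used as is; the callers are outside the hunk, so confirm none relies on the old behaviour. The forEach body continues past the end of the hunk.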
From: Cloudscape Germany <418352+cloudscape-germany@users.noreply.github.com>
Date: Sun, 25 Jan 2026 20:58:24 +0100
Subject: [PATCH 04/10] Update js/legacy.js Co-authored-by: El RIDO
---
 js/legacy.js | 2 --
 1 file changed, 2 deletions(-)
diff --git a/js/legacy.js b/js/legacy.js
index a648df9d..3c8ad473 100644
--- a/js/legacy.js
+++ b/js/legacy.js
@@ -108,8 +108,6 @@
 
 // Monitoring & Uptime
 'Pingdom',
- 'UptimeRobot',
- 'BetterStackBot',
 'cron-job.org',
 
 // Security Scanners
From 885ad4ff70a11e13efa5388924ae92dd7acab5a4 Mon Sep 17 00:00:00 2001
From: Cloudscape Germany <418352+cloudscape-germany@users.noreply.github.com>
Date: Sun, 25 Jan 2026 21:03:51 +0100
Subject: [PATCH 05/10] Update js/legacy.js Co-authored-by: El RIDO
---
 js/legacy.js | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/js/legacy.js b/js/legacy.js
index 3c8ad473..54537ef2 100644
--- a/js/legacy.js
+++ b/js/legacy.js
@@ -72,16 +72,9 @@
 'Scraper',
 
 // Search Engines
- 'Googlebot',
 'Mediapartners-Google',
- 'AdsBot-Google',
- 'bingbot',
- 'msnbot',
 'BingPreview',
 'Yahoo! Slurp',
- 'Baiduspider',
- 'YandexBot',
- 'DuckDuckBot',
 
 // SEO & Analytics
 'AhrefsBot',
From 3b543d327171fb3563ddb4963d3928cc6546917c Mon Sep 17 00:00:00 2001
From: Cloudscape Germany <418352+cloudscape-germany@users.noreply.github.com>
Date: Sun, 25 Jan 2026 21:04:38 +0100
Subject: [PATCH 06/10] Update js/legacy.js Co-authored-by: El RIDO
---
 js/legacy.js | 13 -------------
 1 file changed, 13 deletions(-)
diff --git a/js/legacy.js b/js/legacy.js
index 54537ef2..5a6195ae 100644
--- a/js/legacy.js
+++ b/js/legacy.js
@@ -77,27 +77,14 @@
 'Yahoo! Slurp',
 
 // SEO & Analytics
- 'AhrefsBot',
- 'SemrushBot',
- 'MJ12bot',
- 'rogerbot',
 'Screaming Frog',
 
 // Social Media
 'facebookexternalhit',
- 'Facebot',
- 'Twitterbot',
- 'LinkedInBot',
- 'Pinterestbot',
- 'Slackbot',
 
 // AI & LLM
- 'GPTBot',
 'ChatGPT-User',
- 'OAI-SearchBot',
- 'ClaudeBot',
 'anthropic-ai',
- 'PerplexityBot',
 
 // Monitoring & Uptime
 'Pingdom',
From 9c40afbdf344c786a4ad32f652f9c6725943af6c Mon Sep 17 00:00:00 2001
From: Cloudscape Germany <418352+cloudscape-germany@users.noreply.github.com>
Date: Sun, 25 Jan 2026 21:06:23 +0100
Subject: [PATCH 07/10] Update js/legacy.js Co-authored-by: El RIDO
---
 js/legacy.js | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/js/legacy.js b/js/legacy.js
index 5a6195ae..8fef3472 100644
--- a/js/legacy.js
+++ b/js/legacy.js
@@ -93,15 +93,11 @@
 // Security Scanners
 'CensysInspect',
 'Shodan',
- 'BitSightBot',
 
 // Other Common Crawlers
 '80legs',
 'ia_archiver',
 'Teoma',
- 'Linguee Bot',
- 'AddThis.com robot',
- 'Speedy Spider'
 ];
 
 /**
From 4711d9135a3422509bd858cc3c17e4f47d28c036 Mon Sep 17 00:00:00 2001
From: Cloudscape Germany <418352+cloudscape-germany@users.noreply.github.com>
Date: Sun, 25 Jan 2026 21:10:36 +0100
Subject: [PATCH 08/10] Remove monitoring services from legacy.js Removed monitoring and uptime services from the list.
---
 js/legacy.js | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/js/legacy.js b/js/legacy.js
index 8fef3472..fa33d081 100644
--- a/js/legacy.js
+++ b/js/legacy.js
@@ -86,10 +86,6 @@
 'ChatGPT-User',
 'anthropic-ai',
 
- // Monitoring & Uptime
- 'Pingdom',
- 'cron-job.org',
-
 // Security Scanners
 'CensysInspect',
 'Shodan',
From 0d24bac155ce35ded560cee126cc533b8995930e Mon Sep 17 00:00:00 2001
From: Cloudscape Germany <418352+cloudscape-germany@users.noreply.github.com>
Date: Tue, 27 Jan 2026 14:50:23 +0100
Subject: [PATCH 09/10] Update js/legacy.js Co-authored-by: El RIDO
---
 js/legacy.js | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/js/legacy.js b/js/legacy.js
index fa33d081..638425aa 100644
--- a/js/legacy.js
+++ b/js/legacy.js
@@ -60,10 +60,8 @@
 */
 var badBotUA = [
 // Generic bot identifiers
- 'bot/',
- 'Bot/',
- '-bot',
- '-Bot',
+ 'bot',
+ 'Bot',
 'crawler',
 'Crawler',
 'spider',
From f6c01a6489675911a2ca0875ef6c632c84d4c022 Mon Sep 17 00:00:00 2001
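Review bot: The restored `'bot'` and `'Bot'` entries in PATCH 09 are bare substrings again, which the description of PATCH 01 named as a false-positive risk, and nothing in the code records why the broader match was chosen. How the array is consumed is outside the hunk, but the paired upper- and lower-case entries suggest a case-sensitive substring test; a comment on the first group such as `// case-sensitive substrings of the User-Agent; 'bot'/'Bot' are deliberately broad and also match names like Googlebot or GPTBot` would make that explicit. The JSDoc could also state that the User-Agent is client-supplied, so this list is a best-effort filter for self-identifying crawlers and not an access control.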
From: El RIDO
Date: Wed, 28 Jan 2026 07:21:32 +0100
Subject: [PATCH 10/10] update SRI hash
---
 lib/Configuration.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Configuration.php b/lib/Configuration.php
index ccc2f156..62740325 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -120,7 +120,7 @@ class Configuration
 'js/dark-mode-switch.js' => 'sha512-BhY7dNU14aDN5L+muoUmA66x0CkYUWkQT0nxhKBLP/o2d7jE025+dvWJa4OiYffBGEFgmhrD/Sp+QMkxGMTz2g==',
 'js/jquery-3.7.1.js' => 'sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==',
 'js/kjua-0.10.0.js' => 'sha512-BYj4xggowR7QD150VLSTRlzH62YPfhpIM+b/1EUEr7RQpdWAGKulxWnOvjFx1FUlba4m6ihpNYuQab51H6XlYg==',
- 'js/legacy.js' => 'sha512-rGXYUpIqbFoHAgBXZ0UlJBdNAIMOC9EQ67MG0X46D5uRB8LvwzgKirbSQRGdYfk8I2jsUcm+tvHXYboUnC6DUg==',
+ 'js/legacy.js' => 'sha512-RQEo1hxpNc37i+jz/D9/JiAZhG8GFx3+SNxjYnI7jUgirDIqrCSj6QPAAZeaidditcWzsJ3jxfEj5lVm7ZwTRQ==',
 'js/prettify.js' => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
 'js/privatebin.js' => 'sha512-2ybiXcPP5nF8Vv5mD03EW9jCQEC25adiwp+nMRELSSXCAL1KErWMYS9mVOsUeRSlvnzHrRw19DGpF0gmIZFXbw==',
 'js/purify-3.3.0.js' => 'sha512-lsHD5zxs4lu/NDzaaibe27Vd2t7Cy9JQ3qDHUvDfb4oZvKoWDNEhwUY+4bT3R68cGgpgCYp8U1x2ifeVxqurdQ==',