privly / zerobin Goto Github PK

The BurntAfter parameter on ZeroBin URLs is placed on the data's URL. Privly.js does not parse the data's URL, so it does not know when the content has been destroyed.

To fix this issue, new ZeroBins should specify an explicit time until destruction which will be respected by the remote content server. The best parameter to use is post[seconds_until_burn], which is a special API parameter supported by the server.

Since ZeroBin is explicitly setting this parameter value, it could be added to the parameter string of ZeroBin, instead of the data URL.

ZeroBin content cannot currently be viewed on the content server since the content server does not have the decryption key. If we cache user-owned links in browser local storage, we can have the extension supply the key to an iframe in the content server. This would then allow the user to update the content.

The ZeroBin app looks nothing like the content server's styling. ZeroBin should adopt the color scheme of the content server. The layout of the page works fairly well and doesn't need significant re-working.

ZeroBin currently does not support any markup language because it needs to be supported in Javascript. We should add support for the Markdown language by integrating a Javascript Markdown library. The Markdown library will need to be scrutinized for possible cross site scripting vulnerabilities.

I patched ZeroBin to work with Privly, but it is gradually drifting away from the point where we can effectively work with the original ZeroBin. We should reduce the application to the core layout and scripts, and track those with the master.