From c06db5a2b708407c178c14c937c1d48ffdf0c0d2 Mon Sep 17 00:00:00 2001
From: antelle <dmitryvit@gmail.com>
Date: Wed, 30 Dec 2020 11:30:17 +0100
Subject: [PATCH] fix #1668: replacing more bad characters in entry fields

---
 app/scripts/models/entry-model.js | 4 ++--
 package-lock.json                 | 6 +++---
 package.json                      | 2 +-
 release-notes.md                  | 4 ++++
 4 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/app/scripts/models/entry-model.js b/app/scripts/models/entry-model.js
index 82469060..58841b02 100644
--- a/app/scripts/models/entry-model.js
+++ b/app/scripts/models/entry-model.js
@@ -336,10 +336,10 @@ class EntryModel extends Model {
     }
 
     sanitizeFieldValue(val) {
-        if (val && !val.isProtected && val.indexOf('\x1A') >= 0) {
+        if (val && !val.isProtected) {
             // https://github.com/keeweb/keeweb/issues/910
             // eslint-disable-next-line no-control-regex
-            val = val.replace(/[\x00-\x1F]/g, '');
+            val = val.replace(/[\x00-\x1F\uFFF0-\uFFFF]/g, '');
         }
         return val;
     }
diff --git a/package-lock.json b/package-lock.json
index d3c3f767..8af4f7f7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9783,9 +9783,9 @@
       }
     },
     "kdbxweb": {
-      "version": "1.13.0",
-      "resolved": "https://registry.npmjs.org/kdbxweb/-/kdbxweb-1.13.0.tgz",
-      "integrity": "sha512-WDTZH63zYP4zdS/kCigyIeX0kEboRgR7wuToaLBHVchTKeNOisi3d2rdpJRQaCzcAAzoqOR8nZon2wpW8DH1+w==",
+      "version": "1.14.0",
+      "resolved": "https://registry.npmjs.org/kdbxweb/-/kdbxweb-1.14.0.tgz",
+      "integrity": "sha512-Hg+PBdur4Mp/pmKuj1vZfYB4uCONdNlJI8H65VO5beK/EexRwuJQBSxW8mIbHHrLP701Q2KDlc7GLeSrs3dRMA==",
       "requires": {
         "pako": "github:keeweb/pako#653c0b00d8941c89d09ed4546d2179001ec44efc",
         "text-encoding": "github:keeweb/text-encoding#4dfb7cb0954c222852092f8b06ae4f6b4f60bfbb",
diff --git a/package.json b/package.json
index 769acea2..1fa1bdb8 100644
--- a/package.json
+++ b/package.json
@@ -67,7 +67,7 @@
         "jquery": "3.5.1",
         "json-loader": "^0.5.7",
         "jsqrcode": "github:antelle/jsqrcode#0.1.3",
-        "kdbxweb": "^1.13.0",
+        "kdbxweb": "^1.14.0",
         "load-grunt-tasks": "5.1.0",
         "lodash": "^4.17.20",
         "marked": "^1.2.5",
diff --git a/release-notes.md b/release-notes.md
index ae6e63f6..a7486548 100644
--- a/release-notes.md
+++ b/release-notes.md
@@ -1,5 +1,9 @@
 Release notes
 -------------
+##### v1.16.6 (2020-12-30)
+`-` fix #1668: opening files with bad characters  
+`*` upgraded a vulnerable dependency  
+
 ##### v1.16.5 (2020-12-18)
 `-` using custom OneDrive without a secret  
 `+` GitHub funding link