Not sure if it counts as bug
-
But still feels strange...
-
-
@Zecc said in Not sure if it counts as bug:
<!-- a padding to disable MSIE and Chrome friendly error page -->
We've been here before: https://what.thedailywtf.com/post/796751
-
@Yamikuronue said in I keep telling you! Chrome can sometimes hide an HTTP 500 ClassNotFound error!!:
http://www.softwaresmitten.com/blog/2012/01/25/five-fresh-approaches-to-500-server-error-pages/
Sweet taste of irony.
-
@PJH Yep. But maybe stripping off html tag and anything afterward on .ajaxTransport() could help.
Or maybe some part of this forum will get whole HTML page with AJAX calls so cannot do this? I don't know.
-
@cheong said in Not sure if it counts as bug:
@PJH Yep. But maybe stripping off html tag and anything afterward on .ajaxTransport() could help.
Or maybe some part of this forum will get whole HTML page with AJAX calls so cannot do this? I don't know.
Why should the software handle the case of the server being dead during a request?
-
@ben_lubar Those javascripts should handle "bad input", shouldn't it? Just like when Google dropped their OAuthv1 support, their authentication server redirect the request to a page with announcement on discontinuing the server and suggest all people still depends on OAuthv1 move to OAuthv2 now. This change had chokes a dozen "auto-login auto-login" sites and their script now will check the response content for HTML before processig it.
Just that in the case the input is created by server, not user.
-
@ben_lubar said in Not sure if it counts as bug:
@cheong said in Not sure if it counts as bug:
@PJH Yep. But maybe stripping off html tag and anything afterward on .ajaxTransport() could help.
Or maybe some part of this forum will get whole HTML page with AJAX calls so cannot do this? I don't know.
Why should the software handle the case of the server being dead during a request?
Because it's expecting
200 OK
and some JSON, and it gets something else and something else? Why should it just dutifully print that, when it's obviously wrong?
-
@anotherusername said in Not sure if it counts as bug:
Because it's expecting
200 OK
and some JSONActually, if you had tried it instead of just guessing, you'd see that an actual invalid username results in a
403
with a content-type oftext/html; charset=utf-8
and a response body of[[error:no-user]]
for an invalid username, and so on.
-
@ben_lubar so it's expecting
403 Forbidden
and some weird data format they invented. It gets502 Bad Gateway
and some HTML. My point still stands.
-
@anotherusername with the composer closed, try quoting my previous post.
-
@ben_lubar What
-
@ben_lubar said in Not sure if it counts as bug:
@anotherusername said in Not sure if it counts as bug:
Because it's expecting
200 OK
and some JSONActually, if you had tried it instead of just guessing, you'd see that an actual invalid username results in a
403
with a content-type oftext/html; charset=utf-8
and a response body ofUser does not exist
for an invalid username, and so on.What indeed.
-
User does not exist
Category does not exist
You do not have enough privileges for this action.
You can't purge the main post, please delete the topic instead
-
@Maciejasjmj or the other way round?
[[error:username-taken]]
[[error:csrf-invalid]]
[[error:blacklisted-ip]]
[[global:404.message, http://html5zombo.com]]
-
@Maciejasjmj said in Not sure if it counts as bug:
@Maciejasjmj or the other way round?
Username taken
We were unable to log you in, likely due to an expired session. Please try again
Sorry, your IP address has been banned from this community. If you feel this is in error, please contact an administrator.
You seem to have stumbled upon a page that does not exist. Return to the <a href='http://html5zombo.com/'>home page</a>.
Yup, that's it.
-
@ben_lubar said in Not sure if it counts as bug:
@anotherusername with the composer closed, try quoting my previous post.
Yeah, it requests some things that are HTML. I assume that's the point you're trying to make? But it's fetching the post to quote through WebSockets, not XMLHttpRequest.
So if the server barfs, won't that connection just time out and fail? You're not performing an HTTP request, so why would it ever give you an HTTP status code and an HTML error page instead of what you requested?
-
@anotherusername said in Not sure if it counts as bug:
@ben_lubar said in Not sure if it counts as bug:
@anotherusername with the composer closed, try quoting my previous post.
Yeah, it requests some things that are HTML. I assume that's the point you're trying to make? But it's fetching the post to quote through WebSockets, not XMLHttpRequest.
So if the server barfs, won't that connection just time out and fail? You're not performing an HTTP request, so why would it ever give you an HTTP status code and an HTML error page instead of what you requested?
See @Zecc's and @Maciejasjmj's posts for what I was referring to.
-
@ben_lubar You failed to mention that I had to highlight and then quote your post. I initially quoted your post without highlighting and it worked just fine.
-
@anotherusername said in Not sure if it counts as bug:
@ben_lubar You failed to mention that I had to highlight and then quote your post. I initially quoted your post without highlighting and it worked just fine.
Highlighting it is not required.
-
@ben_lubar ok, guess I just failed to notice it then. I don't see how it relates to the original post though.
-
@Zecc said in Not sure if it counts as bug:
What indeed.
Something that will either be abused or used to get someone an XSS . That's what.
-
<sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small>H</small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub>[[error:blacklisted-ip]]<sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small>ighlight and quote this post...</small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub>
-
@anotherusername said in Not sure if it counts as bug:
<sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small>Q</small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub>Sorry, your IP address has been banned from this community. If you feel this is in error, please contact an administrator.<sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small><sub><sub><sup><small>uote this post...</small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub></small></sup></sub></sub>
No, YOUR mother eats shit.