Large post consisting entirely of . breaks preview
-
I actually managed to DOS myself right out of The Official "Likes" Thread. I composed a draft consisting of probably a thousand instances of a single "." character followed by a linebreak. I was hoping to create a really tall post. What I did was completely lock my browser, every time it tries to load a preview of the post.
-
-
All those potential likes.
-
As Mooochelle Obama might say, your profile is a Like desert.
-
It's not broken, just slow. Your computer is not stronk enough.1
- This is actually a true statement, and can be observed in a few other posts that have large amounts of content. Although there is something to be said that if your computer can't process the post data, the post (/discourse application) is broken. It's just static content, after all..
-
It's not broken, just slow. Your computer is not stronk enough.1
This is actually a true statement, and can be observed in a few other posts that have large amounts of content. Although there is something to be said that if your computer can't process the post data, the post is broken. It's just static content, after all..
I haven't tried dots before but I'm guessing he hit some kind of slow Markdown thing and the preview pane eloped with his CPU trying to render it.
-
It's not broken, just slow. Your computer is not stronk enough.1
- This is actually a true statement, and can be observed in a few other posts that have large amounts of content. Although there is something to be said that if your computer can't process the post data, the post is broken. It's just static content, after all..
It's a pretty powerful workstation, 3.4 GHz Xeon with 16 gigs of RAM and a solid state drive. I've been waiting a good 15 minutes now. Considering that I was able to install Adobe Master Suite in about 5 minutes...
-
Still not done. Well, I think it's re-rendering it every time I focus it? Maybe. Or maybe every time someone posts, and it's a very active thread.
-
You can force an internal server error 500 by spamming [[...]] (and variations thereof)
-
I'm not being funny but that seems ridiculous. While naturally designing for edge cases should not be the norm, if you have pathological cases like that, something should be done.
I suspect, though, the result will be some rule in the code that prevents you trying to make such a post, rather than fixing the root cause.
-
It seems like two things should happen:
-
Max markdown limits that are sane (i.e. < 50, < 100 instances of markdown) to render in the preview pane (not limit how much actually goes into the post)
-
Disable preview pane checkbox - this would instantly fix the 100% cpu utilization (at least for a single core) on silly amounts of markdown.
-
-
The weird thing was, it wasn't really a lot of content. Character-wise, it was pretty short. I'm not sure just what the parser is choking on here.
-
Well, there's a side case involved: the fact you actually need a live preview pane seems related to the amount of voodoo that comes from trying to mix Markdown, raw XSS-friendly HTML and bbcode all at the same time.
I can write some horrendously complex bbcode posts, even involving nested tables and so on if I have to. And I can trust the parser to interpret it in a predictable and repeatable way. I feel DC's parser is a soup kitchen, and the only way I can get feedback on marked-up content is to use that. Or go without formatting.
-
This. If the code uses regex for markdown, instead of a stacked LL or LALR parser, a few thousand "."s could easily trigger non-linear behavior.
-
Which is why the checkbox applies. I'm fairly sure the 'show/hide preview' link isn't actually disabling the parser - so if you've created something that hoses the preview pane, whether or not you're showing it will break posting ability.
My proposal would be if(isChecked(hidePreview)){return;} //SuperPseudoGOOOO!
To completely, 100% disable the preview tab.
-
If it doesn't work in the preview, what makes you think it'll work in the actual forum?
-
Because the preview pane and post display are different, I suspect.
-
Should it ever be possible to create a post that causes the preview pane to grind to a halt on a modern system? Because if so, that's a form of DoS vulnerability waiting to be exploited.
-
Should it ever be possible to create a post that causes the preview pane to grind to a halt on a modern system? Because if so, that's a form of DoS vulnerability waiting to be exploited.
JavaScript is SLOOOOOOOOWWWWWW.
-
Well, either it's because JavaScript is terrible or because it's running terrible code to be so painful.
Considering that there are people running 386 emulators in the browser through JS... I'm willing to suggest that it might not be JavaScript that's the problem here.
-
there are people running 386 emulators in the browser through JS
What the actual fuck?
-
-
I'm not sure what to even think about this monstrosity.
-
What? OK I need to bookmark that as I need to share this silliness.
-
It's a monstrosity of sorts, sure. But it's a testament to JavaScript that it can support it at all.
-
It's cool, just...
What the fuck?
-
Well, that's rather ironic when you think about it
Better question: why the fuck not?
-
We already have enough clouds?
-
That's just it, it runs locally in the browser!
-
facepalm
I understand this.
-
Well, either it's because JavaScript is terrible or because it's running terrible code to be so painful.
Considering that there are people running 386 emulators in the browser through JS... I'm willing to suggest that it might not be JavaScript that's the problem here.
So JavaScript, running on modern 4.0 GHz quad-core systems, can emulate a 30 MHz CPU from 30 years ago. That's not convincing me that JavaScript is fast.
-
Well, first up, you can disregard the quad- part of that. Emulation pretty much generally has to be single cored (unless you're trying to emulate multicore), something the DOSBox devs have talked about on multiple occasions, about how there's actually no benefit to them to multicoring things because there's no actual benefit to it from their perspective - I fail to see why this would be significantly different.
Then you have the sheer number of layers being dealt with. In something like DOSBox, you're playing with C++, but you still have to interact with all the layers of the OS, from display to processing, which makes a huge difference. In this case, you're interacting with a browser with many more layers to contend with. And you're doing it with an at-best JIT compiled script.
Remind me again, what's the performance of DOSBox (which is a native app) on that same system? Because it isn't an order of magnitude better than the JS one.
And yes, JS is never going to be able to compete with native code. But it's significantly better than it used to be.
-
Mix-n-match injections are fun.
http://en.wikipedia.org/wiki/Kimbiji
I will make you onebox this for me
-
Mix-n-match injections are fun.
I will make you onebox this for me
Take that onebox. Quote replying me autofills my boxes of one. Wonder how that looks in the quote expansion dropdown... does it break now like with nested quotes or edited quotes, even though I didn't nest or edit anything?
Oh, I quoted all, so no expansion. Time to try again.
-
Mix-n-match injections are fun.
Now maybe? - woo it works. Expanding my quote de-oneboxes it. ha.
Thank you toasters, I realize I have posted 2 replies, I can still remember what I've done in the last 5 minutes. Is this thing written for someone with Alzheimer's?
-
@darkmatter
Can you use this to onebox to a non-whitelisted site by having the base onebox be a whitelisted one?
-
Nah, it's just doing normal oneboxing on the replies. I'm abusing the stripping of HTML tags by the Quote reply feature. I put a <randomgibberish></randomgibberish> tag around part of the URL or @Matches to get it to not auto-onebox or auto-mention. When one replies, the HTML is stripped and the auto-features do their magic to the reply text.
Quote @Mat<fu>ches for replymentions only.
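The quote-reply behaviour described in the post above, as an added example that is not Discourse's code: a simplified post pipeline in which unknown HTML tags are dropped from quoted text before the auto-mention and auto-onebox steps run on it, so a tag that merely split a token in the original post stops protecting it once the post is quoted. The tag allow-list, the mention syntax (`@name` terminated by whitespace, end of text or sentence punctuation) and the onebox rule (a bare URL alone on its line, with `<` and `>` not counted as URL characters) are all assumptions for the sake of the model.

```javascript
// Added example, not Discourse's code: simplified model of the quote-reply
// ordering quirk. Tag allow-list, mention syntax and onebox rule are hypothetical.

// The sanitizer keeps these tags and drops every other tag (inner text survives).
// 'a' and 'aside' are allowed so the pipeline's own generated markup survives.
const ALLOWED_TAGS = new Set(['a', 'aside', 'b', 'i', 'em', 'strong', 'code']);

function stripUnknownTags(html) {
  return html.replace(/<\/?([A-Za-z][A-Za-z0-9]*)\b[^>]*>/g, (tag, name) =>
    ALLOWED_TAGS.has(name.toLowerCase()) ? tag : '');
}

// "@name" is a mention only when followed by whitespace, end of text or sentence
// punctuation. In "@Mat<fu>ches" the name ends at '<', which is not a valid
// terminator, so no mention is produced while the tag is still there.
const MENTION = /(^|[^\w@])@(\w+)(?=[\s.,!?]|$)/g;
function autoMention(text) {
  return text.replace(MENTION, (match, pre, user) =>
    `${pre}<a class="mention" href="/u/${user}">@${user}</a>`);
}

// A URL alone on its line becomes a onebox; a tag inside the URL breaks the rule
// because '<' and '>' are excluded from the URL character class.
const ONEBOX_LINE = /^(https?:\/\/[^\s<>]+)$/gm;
function autoOnebox(text) {
  return text.replace(ONEBOX_LINE, (match, url) =>
    `<aside class="onebox" data-url="${url}"></aside>`);
}

// Normal rendering: the auto-features see the raw text, tags included, and the
// sanitizer removes unknown tags afterwards.
function renderPost(raw) {
  return stripUnknownTags(autoOnebox(autoMention(raw)));
}

// Quote-reply: the quoted text is tag-stripped when it is copied into the
// composer, and the result is then rendered like any other post. The joined
// token is now visible to the auto-features.
function quoteReply(raw) {
  return renderPost(stripUnknownTags(raw));
}

// Constructed sample inputs in the shape the post describes.
const SAMPLE_MENTION = 'Quote @Mat<fu>ches for replymentions only.';
const SAMPLE_URL = 'http://en.wikipedia.org/wiki/Kim<x></x>biji';

console.log('original post :', renderPost(SAMPLE_MENTION));
console.log('quoted reply  :', quoteReply(SAMPLE_MENTION));
console.log('original post :', renderPost(SAMPLE_URL));
console.log('quoted reply  :', quoteReply(SAMPLE_URL));
```

The fix that follows from the model is to run the auto-features on the same representation the reader will see (after sanitization), or to strip tags before detection in both paths, so that quoting cannot produce markup the original post did not have.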
-
I had intended to use reply, but clicked on the wrong reply button. Then I said fuck it, and added your @tag instead.
[Edit] Why is this my URL when replying to your post above?
http://what.thedailywtf.com/t/discourse-reopens-all-tabs-to-the-wrong-topic-after-discourse-crash-server-error-500/1058/35
-
I had intended to use reply, but clicked on the wrong reply button. Then I said fuck it, and added your @tag instead.
Wee?- @
Matches are played in tennis to see who is the victor. Full Quote Reply for wins.
-
Strictly that depends on the RE engine. However… it's Ruby so it's PCRE and that has some terrible edge cases with this sort of thing. (The fundamental issue is the use of a stack automaton rather than a finite state automaton, which allows for complex matching but makes certain types of matches hellishly expensive.)
I approve!
-
I know one forum system replaced its bbcode parser which was PCRE-driven specifically because pathological cases were found leading to a ReDoS. (I'd never even heard the term before that) They ended up with this odd little parser that stepped through tag by tag in something that smells like a stack but doesn't quite seem like either LL or LALR. In fact I'm not quite sure what to call it, other than a 1500 line monster. In PHP of all languages.
-
The king of markdown parsers is definitely http://johnmacfarlane.net/pandoc/ it is super unfortunate there is no straight js port.
Cleanest js parser is probably https://github.com/chjj/marked but it is not as feature rich as the one we are using. To be totally honest, I am not at all a fan of the internals of our current markdown parser and kind of regret it.
-
I'm curious about something else.
At this point in this topic, I can reply to the topic. But no post has a reply button specific to that post.
As above, I certainly could reply to other users before, but I can't reply to individual users now. Is this something attached to the Bug category that is denoted by the little people icon?
(If so, it's not intuitive)
EDIT: When this saved, it didn't immediately reappear (at all, not just not in the right place). Refreshing the page reloaded it properly and all reply buttons are now back. No idea what that's about.
-
John is working on a new markdown parser called "Cheapskate". It's way faster. But so far, it's markdown only. Unlike pandoc, which is more of a document converter than anything else. Cheapskate is definitely "markdown" ready. It doesn't support extensions out of the box, though. I had to do some stacked LL hacking to get it to do some things I wanted.
-
-
pathological cases were found leading to a ReDoS
Eeenteresting.
Filed under: Sinister rubbing together of hands.
-
Yup, any of the forum systems that still do regex parsing of bbcode could potentially be vulnerable to it. Discourse has some protections against it according to Sam, but if anyone can find out how to break it... well, you know who it'll be.
-
it's Ruby so it's PCRE
It's not Ruby. The preview pane is done in Javascript, and the server side is done by exec-ing that same javascript server side, in a vain attempt to have the two arsers produce the same markup.
Filed under: I would have corrected 'arsers' to 'parsers', but it pleases me.
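The backtracking hypothesis raised earlier in the thread (a regex-driven Markdown parser going non-linear on a few thousand dots, the PCRE and ReDoS remarks), as an added example that is not Discourse's code or anyone's code from this thread. Since the preview pane runs in JavaScript, the example is Node.js: a hypothetical "paragraph" rule written as a regex with nested quantifiers, the same rule written without ambiguity, and the same rule as a one-pass scanner, timed against adversarial input. The paragraph rule, the adversarial input and the preview size limits are all assumptions; the poster's exact input (".\n" repeated) is included to show that it is not the worst case for this particular pattern, because which input is pathological depends on the pattern rather than on size alone.

```javascript
// Added example, not code from Discourse or this thread. Shows why a regex
// Markdown rule with nested quantifiers backtracks exponentially on the wrong
// input, while an unambiguous regex or a hand-written scanner for the same
// language stays linear. Node.js, no dependencies.

// Hypothetical "paragraph" rule: one or more non-empty lines separated by
// single newlines, optional trailing newline. Because \n? is optional, the
// inner [^\n]+ can hand any suffix of a line to the next iteration of the outer
// (...)+, so a k-character line can be consumed in 2^(k-1) ways. A failing
// input makes the engine try all of them (same shape as the textbook ReDoS
// pattern ^(\w+\s?)*$).
const PARAGRAPH_BACKTRACKING = /^([^\n]+\n?)+$/;

// Same language, written so each line can be matched in exactly one way.
const PARAGRAPH_UNAMBIGUOUS = /^[^\n]+(?:\n[^\n]+)*\n?$/;

// Same language again, as one left-to-right pass and no regex: non-empty,
// does not start with a newline, never contains "\n\n".
function isParagraphLinear(text) {
  if (text.length === 0 || text[0] === '\n') return false;
  for (let i = 1; i < text.length; i++) {
    if (text[i] === '\n' && text[i - 1] === '\n') return false;
  }
  return true;
}

// Worst case for the backtracking regex: one long line of dots followed by a
// blank line, so the match can only fail after the line has been consumed once.
function adversarialInput(dotCount) {
  return '.'.repeat(dotCount) + '\n\n';
}

// The shape the original poster used: ".\n" repeated. Every line is a single
// character, so there is nothing to split and this pattern handles it linearly.
function dotLines(lineCount) {
  return '.\n'.repeat(lineCount);
}

function timeMs(fn) {
  const start = process.hrtime.bigint();
  fn();
  return Number(process.hrtime.bigint() - start) / 1e6;
}

// All three implementations accept exactly the same strings.
function implementationsAgree(text) {
  const viaBacktracking = PARAGRAPH_BACKTRACKING.test(text);
  const viaUnambiguous = PARAGRAPH_UNAMBIGUOUS.test(text);
  const viaScanner = isParagraphLinear(text);
  return viaBacktracking === viaUnambiguous && viaUnambiguous === viaScanner;
}

// Milliseconds per implementation on adversarial input of each given size.
function benchmark(sizes) {
  return sizes.map((n) => {
    const input = adversarialInput(n);
    return {
      n,
      backtracking: timeMs(() => PARAGRAPH_BACKTRACKING.test(input)),
      unambiguous: timeMs(() => PARAGRAPH_UNAMBIGUOUS.test(input)),
      scanner: timeMs(() => isParagraphLinear(input)),
    };
  });
}

// Composer-side guard along the lines proposed in the thread: stop running the
// live preview past a size budget rather than letting the parser pin a core.
// The limits are illustrative.
function shouldLivePreview(text, limits = { maxChars: 20000, maxLines: 500 }) {
  if (text.length > limits.maxChars) return false;
  let lines = 1;
  for (let i = 0; i < text.length; i++) {
    if (text[i] === '\n' && ++lines > limits.maxLines) return false;
  }
  return true;
}

for (const row of benchmark([12, 14, 16, 18, 20])) {
  console.log(`n=${row.n}: backtracking ${row.backtracking.toFixed(2)} ms, ` +
    `unambiguous ${row.unambiguous.toFixed(3)} ms, scanner ${row.scanner.toFixed(3)} ms`);
}
console.log('1000 dot lines: paragraph?', isParagraphLinear(dotLines(1000)),
  '| live preview allowed?', shouldLivePreview(dotLines(1000)));
```

Each extra dot roughly doubles the backtracking regex's time while the other two stay flat; pushing the adversarial size past about 25 will pin the process for noticeably longer, which is the same failure mode as a locked preview pane. The guard at the end is the cheap mitigation suggested in the thread; the durable fix is the second or third implementation, where no input can change the amount of work per character.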