... 502 NOT OK
-
-_-
-
@accalia said in ... 502 NOT OK:
-_-
-
@accalia So it does <h1>, but escapes . Interesting.
I wonder what other shenanigans can be pulled off there.
-
@Maciejasjmj Signature toaster guy?
-
@Weng said in ... 502 NOT OK:
@Maciejasjmj Signature toaster guy?
How do we crash the server with a signature, I wonder.
-
@Maciejasjmj said in ... 502 NOT OK:
@accalia So it does <h1>, but escapes . Interesting.
I wonder what other shenanigans can be pulled off there.
That's part of the horrible abomination that is regular expression-based HTML parsing.
-
@ben_lubar Regular expression based HTML parsing is not possible as HTML is not a regular language.
Therefore there is no regular expression based HTML parser, only a regular expression based HTML impersonator parser.
-
@ben_lubar said in ... 502 NOT OK:
That's part of the horrible abomination that is regular expression-based HTML parsing.
Does it actually do any HTML parsing? From a brief look it only seems to parse the {placeholders} like most other template engines and that can be done with regular expressions. That does not guarantee the output is valid, of course, but that's rather rare among templating engines.
-
Yes, it does.
-
@anotherusername @index @value quote this post
-
@anotherusername said in ... 502 NOT OK:
Yes, it does.
In the posts, no. In the error toaster? ...Yes.
-
@ben_lubar don't you mean "click the view raw button"?
-
@ben_lubar said in ... 502 NOT OK:
@anotherusername @index @value quote this post
fine, I'll do it for you.
-
This post is deleted!
-
This post is deleted!
-
indeed.
-
@anotherusername well, i guess it's time to update my signature.
-
It's the number of the post relative to the page, I think.
-
@anotherusername said in ... 502 NOT OK:
It's the number of the post relative to the page, I think.
-
@anotherusername even worse, it got stuck at 0 on my other thread until I refreshed... ok so the templating system has some minor kinks, but it has to be immune to XSS right???
-
This is the best bug. @index is brillant.
-
@Yamikuronue Why thank you!
-
@Yamikuronue said in ... 502 NOT OK:
This is the best bug. @index is brillant.
As good as Red Dead Redemption bugs?
-
@Yamikuronue Do the numbers change every time you enter the thread?
-
@aliceif
HOLY CRAP IT WORKS IN SIGS?!
-
@aliceif No, but it's 0 when the post is AJAX'd in and only a real number if it hits the server first
-
@Yamikuronue it's "relative 0-based index of this post in the list of posts I'm sending you". So when 1 post is AJAX'd in, it's always going to be 0. When loading the post in context, it's going to depend on pagination, or the list of posts that are loaded in one chunk for infiniscroll.
I think.
-
Does it work as a part of a link?
-
@aliceif oh wow...why does this happen, again?
-
@anotherusername do you mind sending a screenshot of the posts above this one? I.e. are my deleted posts visible above yours, or have they disappeared?
-
So can it be used in a URL to leak some kind of information to an external site?
Edit: Yep, although the value is questionable.
-
@bb36e they show up as deleted.
I'm not a wizard, I just have a userscript that caches people's posts when I've told it to cache their posts. I haven't told it to cache your posts, so it didn't.
-
Ok, so research on IRC says...
DRAT!
-
@bb36e To a mod, they are visible:
-
@anotherusername ah gotcha. I was wondering if it would be possible to use this to figure out if anyone in the thread had deleted their posts, but if NodeBB always shows the 'this post has been deleted' text then there's no use
-
@bb36e ah...
I guess a mod would need to purge a deleted post to check.
-
This post is deleted!
-
@Onyx OH! It works when it's not streamed in!