Welcome to SP!  -
Areas & RangesMountains & RocksRoutesImagesArticlesTrip ReportsGearOtherPeoplePlans & PartnersWhat's NewForum

Report Bugs Here

Suggestions and comments about SummitPost's features, policies, and procedures. Post bugs here.
 

Re: Report Bugs Here

Postby Josh Lewis » Fri Jan 10, 2014 7:25 pm

I don't understand how meta data can break "real" data? I understand inaccuracies of typed code, but this seems a bit different.
User Avatar
Josh Lewis

 
Posts: 3185
Joined: Thu Jan 06, 2011 11:12 pm
Location: Lynnwood, Washington, United States
Thanked: 948 times in 579 posts

Re: Report Bugs Here

Postby nartreb » Fri Jan 10, 2014 8:41 pm

Josh, are you asking how the bug "worked", or are you asking what it has to do with security?

If the former, the answer is simple: the META tag ends at a > . If the content copied in contains a > character [and a double quote somewhere before that], then that character ends the META tag and the rest of the copied content is now outside the META tag, making it ordinary HTML that will be displayed on the page. (You might think that nothing would be displayed since it's still within the HEAD, but you'd be wrong.)

Code: Select all
<meta name="description" content="here is some caption text containing a double quote "  and then a > character" />


In this example the META tag ends before the word "character"

As to the latter, this bug doesn't necessarily expose anything more than allowing HTML comments does in the first place. Which isn't all that much; input-sanitizing applies first and foremost to your SQL, second to your server-side scripts. Client-side stuff is fundamentally beyond your control, though you can do some cleaning to prevent the most common annoyances. In this case, the meta tag is generated server-side, which caused me to raise an eyebrow.
User Avatar
nartreb

 
Posts: 2167
Joined: Sat Apr 03, 2004 10:45 pm
Location: online or in boston, Massachusetts, United States
Thanked: 157 times in 133 posts

The following user would like to thank nartreb for this post
Josh Lewis

Re: Report Bugs Here

Postby Alpinist » Fri Jan 17, 2014 4:39 pm

Not sure if this has been reported yet but MyTopo maps are not working correctly. The link no longer takes you to the specific coordinates.
User Avatar
Alpinist

 
Posts: 6344
Joined: Tue Jul 29, 2003 7:21 pm
Location: Kildeer, Illinois, United States
Thanked: 818 times in 544 posts

Re: Report Bugs Here

Postby Josh Lewis » Fri Jan 17, 2014 5:59 pm

Seems to work now. :) The URL should add a "&z=15" at the end of it so that it is zoomed in to that peak. I tested this to confirm that it works. Right now when using the link to MyTopo it has me zoomed way out which is inconvenient.
User Avatar
Josh Lewis

 
Posts: 3185
Joined: Thu Jan 06, 2011 11:12 pm
Location: Lynnwood, Washington, United States
Thanked: 948 times in 579 posts

The following user would like to thank Josh Lewis for this post
Alpinist

Re: Report Bugs Here

Postby Scott » Tue Jan 21, 2014 6:33 pm

There seems to be a new bug in the search function. At least from what I can see, the scroll bars for searching for mountains, routes, etc., by country, etc. no longer work for Google Chrome, at least not on two computers I tried. They still work fine in IE. They also work by using the mouse wheel.
User Avatar
Scott

 
Posts: 8013
Joined: Thu Aug 21, 2003 1:03 pm
Location: Craig, Colorado, United States
Thanked: 1024 times in 528 posts

Re: Report Bugs Here

Postby Josh Lewis » Tue Jan 21, 2014 9:52 pm

The issue on Google Chrome with scroll bars for drop downs happens on MountainProject too. Another reason I like FireFox better. 8)
User Avatar
Josh Lewis

 
Posts: 3185
Joined: Thu Jan 06, 2011 11:12 pm
Location: Lynnwood, Washington, United States
Thanked: 948 times in 579 posts

Re: Report Bugs Here

Postby ARosenthal » Wed Feb 05, 2014 6:13 pm

Not sure if this is just me but when I try to post a new topic in Firefox it takes me to my profile page. Tried logging out and back in, restarting browser, etc. The url it takes me to is:

http://www.summitpost.org/users/arosent ... firm_post=

Seems to work fine in Chrome.
User Avatar
ARosenthal

 
Posts: 87
Joined: Mon Aug 31, 2009 6:58 pm
Location: Santa Cruz, California, United States
Thanked: 1 time in 1 post

Re: Report Bugs Here

Postby Josh Lewis » Wed Feb 05, 2014 8:43 pm

It's a cookie issue. Try clearing your cookies. It's one of the biggest glitches in SummitPost which no one can figure out how to solve it. Unless someone is willing to step up to the plate. :wink:
User Avatar
Josh Lewis

 
Posts: 3185
Joined: Thu Jan 06, 2011 11:12 pm
Location: Lynnwood, Washington, United States
Thanked: 948 times in 579 posts

Re: Report Bugs Here

Postby Scott » Thu Mar 13, 2014 8:49 pm

I keep getting this, but only in Google Chrome? I cleared cookies, etc.
Attachments
sp.JPG
sp.JPG (136.31 KiB) Viewed 698 times
User Avatar
Scott

 
Posts: 8013
Joined: Thu Aug 21, 2003 1:03 pm
Location: Craig, Colorado, United States
Thanked: 1024 times in 528 posts

Re: Report Bugs Here

Postby Scott » Fri Mar 14, 2014 2:17 am

On which pages and what actions are you doing when you get that error?


It was happening when I would try to post anything on the forum. It would take me to my profile page with all that stuff on it. Seems to be working now.
User Avatar
Scott

 
Posts: 8013
Joined: Thu Aug 21, 2003 1:03 pm
Location: Craig, Colorado, United States
Thanked: 1024 times in 528 posts

Re: Report Bugs Here

Postby rgg » Fri Mar 14, 2014 11:34 am

I got the same error a few of times (in Google Chrome), but didn't pay close attention to what I did right before this. I didn't even try to post anything in the forum though, so that's not what's causing it.
User Avatar
rgg
Forum Moderator
 
Posts: 728
Joined: Sat Oct 02, 2010 7:15 pm
Location: Amsterdam, Netherlands
Thanked: 157 times in 126 posts

Re: Report Bugs Here

Postby rgg » Fri Mar 14, 2014 11:48 am

Whether it's related or not I couldn't say, but after I posted the previous message, the two links "User Control Panel" and "View your posts" at the top of the forum where gone!
User Avatar
rgg
Forum Moderator
 
Posts: 728
Joined: Sat Oct 02, 2010 7:15 pm
Location: Amsterdam, Netherlands
Thanked: 157 times in 126 posts

PreviousNext

Return to Site Feedback

 


  • Related topics
    Replies
    Views
    Last post

Who is online

Users browsing this forum: No registered users and 0 guests

© 2006-2013 SummitPost.org. All Rights Reserved.