/t/ - Science/Technology

For discussion of Science, Technology and Math


File: Screenshot from 2021-09-20….png (119.57 KB, 1280x1024, 5:4, 1632193210368.png)

 No.541[D]

I NEED to blogpost

 No.542[D][DF]

File: Screenshot from 2021-09-20….png (121.34 KB, 1280x1024, 5:4, 1632193264718.png)

>>541
after this, I get another:

 No.543[D][DF]

File: Screenshot from 2021-09-20….png (30.51 KB, 1280x1024, 5:4, 1632193327794.png)

>>541
then it shits itself

 No.544[D][DF]

>>543
twoot is asleep, someone had hacked it. That's why it's fugged right now
Also /sg/ not /t/

 No.545[D][DF]

File: 1626231690330.png (42.21 KB, 472x472, 1:1, 1632193870273.png)

>>544
ah, ok. I will follow his example and sleep. thank you anon

 No.546[D][DF]

Someone was able to put a <script> tag in the name field apparently:
><script>document.body.innerHTML = '';</script>
Good news is this should be trivial to fix by twoot, and the injected scripts are harmless.
Anyhow, if you want to use livechan before twoot gets home from work, paste the following code in your browser console after you get the first 'h' message. Then you can close the "h" thing.

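// Scratch <textarea>: assigning textContent and reading innerHTML back
// returns the string with &, < and > HTML-escaped
var escape = document.createElement('textarea');
function esc(html) {
    escape.textContent = html;
    return escape.innerHTML;
}

// Wrap livechan's Renderer.message so the name and message fields are
// escaped before the original renderer builds the post HTML
var f = Renderer.message;
Renderer.message = (a) => { a.name = esc(a.name); a.msg = esc(a.msg); return f(a); };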

**Explanation: Livechan loads the messages by appending a string containing the necessary HTML to the page. The post data is inserted in this string through concatenation. User-produced content should never be inserted like that; in fact, a similar mechanism is behind SQL injections. But I guess twoot thought he had appropriate filters on post upload, forgetting however to check the name field. Again, this should be simple to fix, 22chan itself already does this.
My script takes the livechan function that creates the post HTML and "escapes" the post name and message beforehand so the scripts don't get executed.**
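
The concatenation bug and the wrap-and-escape workaround from the post above, as an added example that is not part of the original post or livechan's code. The renderer, field names and sample message are constructed assumptions, and the escaper is a pure-JavaScript one that also covers quotes (which the textarea trick leaves alone), so it runs without a DOM.

```javascript
// Added example; all names below are hypothetical, not livechan's real code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": post data concatenated straight into the markup string.
function renderUnsafe(post) {
  return '<div class="post"><span class="name">' + post.name + '</span>' +
    '<p class="msg">' + post.msg + '</p></div>';
}

// "After": every user-controlled field is escaped at the point of output,
// so no field depends on an upload-time filter having remembered it.
function renderSafe(post) {
  return '<div class="post"><span class="name">' + escapeHtml(post.name) + '</span>' +
    '<p class="msg">' + escapeHtml(post.msg) + '</p></div>';
}

// The thread's workaround in general form: wrap an existing renderer so the
// listed fields are escaped first, working on a copy of the message object.
function wrapWithEscaping(render, fields) {
  return function (post) {
    const copy = Object.assign({}, post);
    for (const field of fields) {
      if (copy[field] != null) copy[field] = escapeHtml(copy[field]);
    }
    return render.call(this, copy);
  };
}

// True if the rendered markup still contains a live <script> start tag.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample message; the name is the payload quoted in the thread.
const sample = { name: "<script>document.body.innerHTML = '';</script>", msg: 'hello & "bye"' };
const patched = wrapWithEscaping(renderUnsafe, ['name', 'msg']);

console.log('unsafe keeps script tag:', containsScriptTag(renderUnsafe(sample)));
console.log('safe keeps script tag:  ', containsScriptTag(renderSafe(sample)));
console.log(patched(sample));
```

Escaping in the renderer itself (the `renderSafe` shape) is the server-side or upstream fix; the wrapper only protects the one browser session it is pasted into.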

 No.547[D][DF]

>>546
Oh shit spoilers don't work here? [spoiler]test[/spoiler]

 No.548[D][DF]

>>547
huh, I thought worked

 No.549[D][DF]

>>548
Lmao. "**" works only if surrounded by whitespace. ok. Sorry for spamming

 No.550[D][DF]

>>546
That doesn't work for me. I get the 'h' alert, paste that into dev tools -> console and then I just get the milan reparier alert and the site stops loading. No change when I paste it in.

 No.551[D][DF]

File: live.png (116 KB, 1205x710, 241:142, 1632242504007.png)

>>550
You have to press enter to execute it. Otherwise I'm clueless, as I was even able to post

 No.552[D][DF]

>>550
>>551
Ohhh, you're on chrome. Just tested; chrome doesn't let me execute the code because alert takes over everything. So I guess this is firefox only, sorry

 No.553[D][DF]

>>552
Chromium, but yeah. Looks like it

 No.554[D][DF]

File: twoot.jpg (98.12 KB, 800x533, 800:533, 1632322628609.jpg)

twot is lazy
consider sacrificing more virgins to attract his attention


