/t/ - Science/Technology

For discussion of Science, Technology and Math



File: Screenshot from 2021-09-20….png (119.57 KB, 1280x1024, 5:4, 1632193210368.png)


I NEED to blogpost


File: Screenshot from 2021-09-20….png (121.34 KB, 1280x1024, 5:4, 1632193264718.png)

after this, I get another:


File: Screenshot from 2021-09-20….png (30.51 KB, 1280x1024, 5:4, 1632193327794.png)

then it shits itself


twoot is asleep, someone had hacked it. That's why it's fugged right now
Also /sg/ not /t/


File: 1626231690330.png (42.21 KB, 472x472, 1:1, 1632193870273.png)

ah, ok. I will follow his example and sleep. thank you anon


Someone was able to put a <script> tag in the name field apparently:
><script>document.body.innerHTML = '';</script>
Good news is this should be trivial to fix by twoot, and the injected scripts are harmless
Anyhow if you want to use livechan before twoot gets home from work paste the following code in your browser console after you get the first 'h' message. Then you can close the "h" thing

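// Use a detached textarea to HTML-escape a string
var escape = document.createElement('textarea');
function esc(html) {
    escape.textContent = html;
    return escape.innerHTML;
}

// Wrap livechan's renderer so name and message are escaped before the post html is built
var f = Renderer.message;
Renderer.message = (a)=> {a.name = esc(a.name);a.msg = esc(a.msg);return f(a)}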

**Explanation: Livechan loads the messages by appending a string containing the necessary HTML to the page. The post data is inserted in this string through concatenation. User-produced content should never be inserted like that; in fact, a similar mechanism is behind SQL injections. But I guess twoot thought he had appropriate filters on post upload, forgetting however to check the name field. Again, this should be simple to fix, 22chan itself already does this.
My script takes the livechan function that creates the post HTML and "escapes" the post name and message beforehand so the scripts don't get executed.**
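
Added example, not part of the post above and not Livechan's code: the concatenation problem and the wrapper fix the post describes, in a form that runs under Node without a browser. The `Renderer` object, its markup, `escapeHtml` and `hardenRenderer` are constructed stand-ins (assumptions); the wrapper goes one step past the post's patch by escaping every string field and also escaping quotes.

```javascript
// Constructed stand-in for a chat renderer that builds post HTML by
// concatenation, as the post describes. Not Livechan's real code.
const Renderer = {
  message(post) {
    return '<div class="post"><span class="name">' + post.name +
           '</span><p class="msg">' + post.msg + '</p></div>';
  },
};

// Escape the five characters that are significant in HTML text and in
// quoted attribute values. A single pass avoids double-escaping '&'.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Wrap a renderer so every string field of the post is escaped before the
// original concatenating function sees it (the post's patch escaped only
// name and msg). The caller's object is copied, not mutated, so a post that
// is rendered twice is not escaped twice.
function hardenRenderer(renderer) {
  const original = renderer.message;
  renderer.message = (post) => {
    const safe = {};
    for (const [key, val] of Object.entries(post)) {
      safe[key] = typeof val === 'string' ? escapeHtml(val) : val;
    }
    return original.call(renderer, safe);
  };
  return renderer;
}

// Constructed sample post using the name-field payload quoted in the thread.
const samplePost = {
  name: "<script>document.body.innerHTML = '';</script>",
  msg: 'h & "hello"',
};

const before = Renderer.message(samplePost); // markup contains a live <script> element
hardenRenderer(Renderer);
const after = Renderer.message(samplePost);  // payload is rendered as inert text
console.log(before);
console.log(after);
```

A client-side wrapper like this only protects the browser that runs it; the durable fix is for the server or the renderer itself to escape the name field, as the post says.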


Oh shit spoilers don't work here? [spoiler]test[/spoiler]


huh, I thought worked


Lmao. "**" works only if surrounded by whitespace. ok. Sorry for spamming


That doesn't work for me. I get the 'h' alert, paste that into dev tools -> console and then I just get the milan reparier alert and the site stops loading. No change when I paste it in.


File: live.png (116 KB, 1205x710, 241:142, 1632242504007.png)

You have to press enter to execute it. Otherwise I'm clueless, as I was even able to post


Ohhh, you're on chrome. Just tested; chrome doesn't let me execute the code because alert takes over everything. So I guess this is firefox only, sorry


Chromium, but yeah. Looks like it


File: twoot.jpg (98.12 KB, 800x533, 800:533, 1632322628609.jpg)

twot is lazy
consider sacrificing more virgins to attract his attention
