Ultimate way to crash Chrome September 20, 2015, 07:59:53 pm http://simpleportal.net/index.php?topic=14115
No idea how to fix it but it's *bad*, give it a try, please. By the way, it can be placed anywhere - in sigs etc. It should be addressed as quickly as possible because if some malicious users start to spam it, then they can lead any other user with Chrome-based browsers to instantly crash while browsing the forum.
Re: Ultimate way to crash Chrome Reply #2 – September 21, 2015, 12:22:26 am Yeah I dared to use the exclamation icon, too
Re: Ultimate way to crash Chrome Reply #3 – September 21, 2015, 07:50:15 am That's awesome, I love it. (just hover that link in chrome and it bombs)
http://a/%%30%30
We should probably do some additional sanitation of the image / link strings in 1.1 ... the reality is that chrome will be fixed and pushed faster than the server side of things though.
Re: Ultimate way to crash Chrome Reply #4 – September 21, 2015, 08:37:46 am LOL
Well, is that a valid url or has some invalid element?
Re: Ultimate way to crash Chrome Reply #5 – September 21, 2015, 09:54:19 am I don't think it's valid as it would say the FQDN is "a"
Re: Ultimate way to crash Chrome Reply #6 – September 21, 2015, 05:38:38 pm Sigh, and they don't want to fix it on SMF. Undecided whether to laugh or cry.
Re: Ultimate way to crash Chrome Reply #7 – September 22, 2015, 02:06:02 am
Quote from: Spuds – September 21, 2015, 09:54:19 am
I don't think it's valid as it would say the FQDN is "a"

Though... it's a valid host unless I read the specification wrong.
But what is the part that crashes chrome? Really the "a" or the fancy symbols in there?

Quote from: Flavio93Zena – September 21, 2015, 05:38:38 pm
Sigh, and they don't want to fix it on SMF. Undecided whether to laugh or cry.

Well, provided I'm not sure what there is to fix, I'm not really that fond of fixing an issue about the crash of a browser that will be fixed in a week, while in the best case, considering for something like this I wouldn't change the release plan and our next would be in December, I guess by the time we release the fix, nobody will even remember there was such a bug in Chrome.
Re: Ultimate way to crash Chrome Reply #8 – September 22, 2015, 02:42:46 am Please don't be like Kindred, add sanitization of the URL. Once you told me the same, your turn now.
Re: Ultimate way to crash Chrome Reply #9 – September 22, 2015, 08:06:32 am If there is something to sanitize.
ETA: and anyway, please, go lobbying the fix for chrome as well, because it's chrome that is "reacting" quite a bit overkilling for a malformed url.
Re: Ultimate way to crash Chrome Reply #10 – September 22, 2015, 09:16:06 am I'm not sure what crashes chrome specifically, but I did not think a single character FQDN was valid, go figure. I would have thought it would need at least a \.[a-z]{2,} but I have not checked the spec.
Re: Ultimate way to crash Chrome Reply #11 – September 22, 2015, 12:55:11 pm I'm not sure I used the correct specs, but:
Quote from: https://tools.ietf.org/html/rfc3986#section-3.2.2
reg-name = *( unreserved / pct-encoded / sub-delims )

let's see:
http://a/%%30%30
http://www.elkarte.net/%%30%30
http://a/something/%%30%30
http://a/%%30%29
http://a/%%30
http://a/%30%30
http://a/%30
Re: Ultimate way to crash Chrome Reply #12 – September 22, 2015, 01:00:00 pm Only the first one crashes here. (Off to dinner, will log back in a lot later though).
Re: Ultimate way to crash Chrome Reply #13 – September 22, 2015, 01:15:27 pm Only the first three (yeah, I added some on the way) crash chrome, so the problem is not the FQDN, but exactly this particular sequence of URL-encoded entities.
That said, that particular sequence is likely to be invalid, because %%30%30 => %00 => null char.
But, I think (and I may very well be wrong) detecting this specific null char in a URL is gonna be rather tricky.
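
The server-side check discussed in the last reply, as an added example that is not part of the original thread or of the ElkArte/SMF code base: it decodes a submitted URL repeatedly so that a nested sequence such as %%30%30 is caught when it finally yields a NUL. The function name, the round limit and the last sample URL are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# RFC 3986: pct-encoded = "%" HEXDIG HEXDIG, so any other "%" is malformed.
BAD_PERCENT = re.compile(rb"%(?![0-9A-Fa-f]{2})")
CONTROL = re.compile(rb"[\x00-\x1f\x7f]")
MAX_ROUNDS = 5  # assumption: deeper nesting than this is rejected outright


def url_problems(url):
    """Return the reasons to reject a user-supplied URL (empty list = accept)."""
    data = url.encode("utf-8")
    problems = []
    if CONTROL.search(data):
        problems.append("raw control character")
    if BAD_PERCENT.search(data):
        problems.append("malformed percent escape")
    # Decode repeatedly: "%%30%30" only becomes "%00" after one round and a
    # NUL byte after two, so a single decode-and-check pass misses it.
    for depth in range(1, MAX_ROUNDS + 1):
        decoded = unquote_to_bytes(data)
        if decoded == data:  # fixed point reached, nothing left to decode
            break
        if CONTROL.search(decoded):
            problems.append(f"control character after {depth} decode round(s)")
            break
        data = decoded
    else:
        problems.append("percent-encoding nested too deeply")
    return problems


if __name__ == "__main__":
    samples = [
        "http://a/%%30%30",                # from the thread
        "http://www.elkarte.net/%%30%30",  # from the thread
        "http://a/%%30%29",                # from the thread
        "http://a/%30%30",                 # from the thread
        "http://a/%2500",                  # constructed: well-formed, double-encoded NUL
    ]
    for url in samples:
        print(url, "->", url_problems(url) or "ok")
```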