Hacker News new | ask | show | jobs
by lostmsu 35 days ago
Couldn't that be a source for vulnerabilities?
1 comments
ipaddr 35 days ago
Missing closing tags in html no.
link
lostmsu 35 days ago
I could imagine a page where cutting HTML would cause it be a yes (not exact JS).

  <script>
    setTimeout(10000, () => {
      safeEval(<some user input>);
    });
  </script>
  <script>
    window.safeEval = code => eval(code);
  </script>

  <!-- cut the page here -->
  <!-- the prev and next tags around this comment could be combined in one and cut in the middle if the browser autocloses them and treats as valid script after -->

  <script>
    <!-- safety fixed! -->
    const notTooSafe = window.safeEval;
    
    window.safeEval = code => {
      if (code.any(c => !c.isDigit())) throw "unsafe";
      return notTooSafe(code);
    };
  </script>
link
a_t48 35 days ago
Parent poster was talking about the latter half of a page being missing, rather than a chunk out of the middle, I believe.
link
lostmsu 35 days ago
If the script blocks are in the end, how would browser know there's no "latter half of a page"?
link
a_t48 35 days ago
Aha, now I get it. That's a neat idea.
link