Please review my project
6 points by andrewoons 4443 days ago
We created a simple tool for asking quick questions and getting extremely fast answers to that question. The generated url for the question is easily shareable.

We would love some feedback on our project so we can improve it and make it even more fun and simple to use.

The url is http://fastask.it

Thanks in advance!

9 comments

You forgot to escape your HTML output.

http://fastask.it/%3Cscript%3Ealert%28%22asdf%22%29;%3C/scri...

Also, there's SQL injections too:

http://fastask.it/%27

http://fastask.it/%27%20OR%201=1;--

And you can vote more than once, because there's no server-side check: (ignore the question text)

http://fastask.it/register_votephp

Also, including a slash in a question (like "Red is good, yes/no") breaks your layout due to relative paths:

http://fastask.it/a/b

The maximum length of questions is also only validated on the client. This question is longer than the normally allowed length:

http://fastask.it/asdf-asdf-asdf-asdf-asdf-asdf-asdf-asdf-as...

Your server side cuts too long questions off at some point too; this was originally 8kb of periods, plus the string "8kb":

http://fastask.it/8kb

I think it's now 225 periods, so that might be the size of your "ask" column in the question table.

Also, if you click a vote button really fast you can vote multiple times (until a request success callback is called and the button is faded away).

Also, the "No"-button seems to have stopped disabling itself entirely, at least for me.

You should probably read up on prepared statements for MySQL, about input sanitizing, and security in general :)

In terms of the non-technical side: I had no idea what was going to happen after I clicked "Create". If you promise Instant answers, why would the button be named "Create" and not "Answer"? But the questions are not answered Instantly, so I would remove that term from your entire site.

I'd term it "polling" instead of "asking a question"/getting "answers" as well, since it's just yes/no. And what use-cases do you have in mind? If it's for group emails or quick polls or whatever, perhaps add a comment box for responses that are more than just yes or no.

Hi

I think it should say get instant yes/no answers to simple questions.

A border round the input box might be worthwhile, but I am old school!

Good luck with it!

If you type a "?" in the textbox it generates the following link: "http://fastask.it/". I think that if the question has no printable characters (?, space, enter) you should behave as if no answer is entered.

What do you think?

http://fastask.it/%3Cscript%3Ealert%28'test'%29;%3C/script%3...

This link is throwing a PDO exception and has exposed your server path which is potentially dangerous.
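The issues raised in the comments above (unescaped HTML output, SQL injection, no server-side vote check, a slash in the question breaking relative paths, question length validated only on the client and then silently truncated, a lone "?" producing an empty link, and a PDO exception leaking the server path) all come down to a handful of server-side checks. The following is an added example written for this thread, not code from fastask.it, and it uses Python with an in-memory sqlite3 database in place of the site's PHP/MySQL stack; the 225-character limit, the `/q/<id>/<slug>` URL scheme and the table layout are assumptions made for the illustration:

```python
import html
import logging
import re
import sqlite3
from urllib.parse import quote

# Constructed limit: the thread guesses the "ask" column holds 225 characters.
MAX_QUESTION_LEN = 225

log = logging.getLogger("fastask_demo")


def init_db():
    """In-memory schema standing in for the site's question/vote tables (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE question (id INTEGER PRIMARY KEY, ask TEXT NOT NULL)")
    # One row per (question, voter): a second vote on the same question is an integrity error.
    conn.execute(
        "CREATE TABLE vote ("
        " question_id INTEGER NOT NULL, voter TEXT NOT NULL,"
        " answer TEXT NOT NULL CHECK (answer IN ('yes', 'no')),"
        " PRIMARY KEY (question_id, voter))"
    )
    return conn


def normalize_question(raw):
    """Server-side validation: collapse whitespace, reject input with no word characters
    (a lone '?' or only spaces/newlines) and reject anything over the column limit
    instead of silently truncating it."""
    if raw is None:
        return None
    text = " ".join(raw.split())
    if not re.search(r"\w", text) or len(text) > MAX_QUESTION_LEN:
        return None
    return text


def create_question(conn, raw):
    """Insert with a bound parameter, so "' OR 1=1;--" is stored as literal text.
    Returns the new id, or None if the text was rejected."""
    text = normalize_question(raw)
    if text is None:
        return None
    cur = conn.execute("INSERT INTO question (ask) VALUES (?)", (text,))
    conn.commit()
    return cur.lastrowid


def question_path(qid, text):
    """Shareable path keyed on the id; the slug is percent-encoded so a '/' in the
    question cannot create an extra path segment (yes/no -> yes%2Fno)."""
    return "/q/%d/%s" % (qid, quote(text, safe=""))


def record_vote(conn, qid, voter, answer):
    """Server-side single-vote check: the primary key rejects repeats even when the
    client sends the request twice before its success callback disables the button."""
    if answer not in ("yes", "no"):
        return False
    if conn.execute("SELECT 1 FROM question WHERE id = ?", (qid,)).fetchone() is None:
        return False
    try:
        conn.execute(
            "INSERT INTO vote (question_id, voter, answer) VALUES (?, ?, ?)",
            (qid, voter, answer),
        )
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        return False


def render_question(conn, qid):
    """HTML for a question page; the stored text is escaped at output time."""
    row = conn.execute("SELECT ask FROM question WHERE id = ?", (qid,)).fetchone()
    if row is None:
        return None
    counts = dict(
        conn.execute(
            "SELECT answer, COUNT(*) FROM vote WHERE question_id = ? GROUP BY answer", (qid,)
        ).fetchall()
    )
    return "<h1>%s</h1><p>Yes: %d No: %d</p>" % (
        html.escape(row[0]), counts.get("yes", 0), counts.get("no", 0))


def handle_get(conn, path):
    """Tiny router returning (status, body). Database errors are logged server-side and
    the client gets a generic message, never the exception text or a file path."""
    m = re.fullmatch(r"/q/(\d+)(?:/[^/]*)?", path)
    if m is None:
        return 404, "Not found"
    try:
        body = render_question(conn, int(m.group(1)))
    except sqlite3.Error:
        log.exception("database error serving %s", path)
        return 500, "Something went wrong"
    if body is None:
        return 404, "Not found"
    return 200, body


if __name__ == "__main__":
    db = init_db()
    q = create_question(db, "Red is good, yes/no")
    print(question_path(q, "Red is good, yes/no"))
    record_vote(db, q, "voter-a", "yes")
    record_vote(db, q, "voter-a", "yes")  # second vote from the same voter is ignored
    print(handle_get(db, "/q/%d" % q))
```

The voter key would in practice be a session or signed cookie rather than a free-form string, and the relative-path layout problem is fixed independently by serving CSS and script assets from absolute paths; the point of the example is that every check the comments found missing lives on the server, where the client cannot skip it.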

It's very simple. But your description is unclear:

> a simple tool for asking quick questions and getting extremely fast answers to that question.

It's really a tool for creating and sharing simple yes/no polls.

You should make it obvious that it needs to be a Yes or No answer question.
Totally agree