Silk Road forums

Support => Bug reports => Topic started by: NorcoCo on September 04, 2013, 01:40 am

Title: XSS filters are censoring my PGP key
Post by: NorcoCo on September 04, 2013, 01:40 am
How many other things are getting filtered without anyone noticing?

Try to send the following 2 lines anywhere on SR:

Code:
-
OnHg==

The only thing that will come through is "-" and the beginning of text on the next line will get deleted! This prevents me posting my key in product listings, my profile, or messages. This happened suddenly about a month ago.

When I contacted support I got the following response:

Quote
I apologize for this inconvenience. Our XSS filter is flagging your key by mistake. We don't have a good way to modify the filter to let your key through, so the best solution for now is to use a new key and make sure it passes through the system before publishing it.

Making a new key carries some hassles for me, so I have just been using pastebin to share my key.

But this is really very amateurish, and it worries me. XSS prevention does not require censoring standard characters like those above. It just requires escaping certain characters and some closer attention to where user content is placed.

The way the site seems to be filtering text is almost certainly going about things the wrong way.

I am really hoping that an engineer over at SR could take some time one day and correctly implement these filters.

Alternatively, if there is anyone at SR who can explain exactly what attack this particular filter is supposed to prevent, I think I could try and find a solution that doesn't involve inadvertently blocking legitimate PGP keys.

Thanks.

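A defender-side illustration of the point made in the post above, added here as an example (it is not code from the post, and not the forum's actual filter): a constructed blacklist-style input filter of the kind the post argues against, next to the escape-at-output approach it recommends. The blacklist patterns, the sample armored block (placeholder base64, not a real key) and the `render_listing` helper are all assumptions made for this example.

```python
import html
import re

# Constructed sample input: the two lines quoted in the post, plus a
# PGP-style armored block with placeholder base64 (not a real key).
POSTED_LINES = "-\nOnHg=="
SAMPLE_ARMOR = (
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "\n"
    "mQENBFexampleONLYplaceholderBASE64datanotarealkey0123456789ab\n"
    "OnHg==\n"
    "=AbCd\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
)

# Hypothetical blacklist filter: it deletes "dangerous-looking" substrings
# from the INPUT before storage. This is a constructed illustration of the
# failure class, not the site's real filter.
_BLACKLIST = [
    re.compile(r"on\w+\s*=", re.IGNORECASE),  # meant for onload=, onclick=, ...
    re.compile(r"<[^>]*>"),                   # meant for HTML tags
]


def naive_strip_filter(text: str) -> str:
    """Delete anything matching the blacklist. Legitimate text is collateral damage:
    a base64 line that happens to start with "On" and end in "=" gets eaten too."""
    for pattern in _BLACKLIST:
        text = pattern.sub("", text)
    return text


def escape_for_html_text(text: str) -> str:
    """Store user content verbatim and escape at OUTPUT for the HTML text or
    quoted-attribute context. Only & < > " ' are rewritten, so PGP armor
    (letters, digits, + / = and dashes) passes through unchanged."""
    return html.escape(text, quote=True)


def armor_is_preserved(block: str) -> bool:
    """True if output escaping leaves an armored block byte-for-byte intact."""
    return escape_for_html_text(block) == block


def render_listing(description: str, title: str) -> str:
    """Place user text in two contexts (a text node and a quoted attribute),
    escaping each at the point of insertion. Where the content lands decides
    the escaping, not what the content looks like."""
    return (
        f'<div class="listing" title="{escape_for_html_text(title)}">'
        f"<pre>{escape_for_html_text(description)}</pre></div>"
    )


if __name__ == "__main__":
    print("naive filter output:", repr(naive_strip_filter(POSTED_LINES)))
    print("escaped output:     ", repr(escape_for_html_text(POSTED_LINES)))
    print("armor preserved:    ", armor_is_preserved(SAMPLE_ARMOR))
    print(render_listing("<b>not bold</b>", 'x" y="z'))
```

Run it and compare the two outputs for `POSTED_LINES`: the blacklist leaves `'-\n='`, while output escaping returns the text untouched and still neutralises markup wherever it is inserted.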
Title: Re: XSS filters are censoring my PGP key
Post by: SelfSovereignty on September 04, 2013, 02:56 pm
Interesting... there is a back-end to SR that isn't a part of your usual website.  How it interacts with the web server and the data it handles is anybody's guess -- it's possible this is a precaution taken for that reason, I suppose.

* My Usual Disclaimer: I do not focus on web development.