Greetings!
I sent two mails about this to appdb@winehq.org the other day, but austin987 suggested I'll mail here (and Cc jnewman), too, since it has been a few days now.
So I broke a couple of pages:
//appdb.winehq.org/objectManager.php?sClass=version&iId=24670
//appdb.winehq.org/objectManager.php?sClass=version&iId=24695
Using QupZilla (QtWebEngine edition), the Xinha editor took its built-in ad-block rules, with some of the style code, and included them in the code for the page, which breaks most of it (none of the test results or notes/comments\bugs show up).
Loading up the form at AppDB resulted into a count of HTML: 259501, and this number goes up by about the same amount every time the form is reloaded, and (probably) all of it will be included in the code.
It would be great if someone with the power to do so could undo my edits to the two pages I mentioned, as I can't do anything about it myself. :]
I already reported the issue upstream of QupZilla, and a fix was quickly put in place there, but the editor itself remains vulnerable (no idea how big of an annoyance /really/ exploiting it could become).
Thank you, and apologies for the inconvenience!
On Tue, 31 May 2016 12:04:22 +0300 Jimi Huotari chiitoo@gentoo.org wrote:
So I broke a couple of pages:
//appdb.winehq.org/objectManager.php?sClass=version&iId=24670 //appdb.winehq.org/objectManager.php?sClass=version&iId=24695
I deleted the reports that were breaking those pages. FYI, the way to do that is to go to the page for one of the older test reports (use Google to find one). That allows the page to render, and you can use the links in the Test Results table to delete or edit the offending test report.
I already reported the issue upstream of QupZilla, and a fix was quickly put in place there, but the editor itself remains vulnerable (no idea how big of an annoyance /really/ exploiting it could become).
https://bugs.winehq.org/show_bug.cgi?id=34647
-
Jimi Huotari -
Rosanne DiMesio