Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix malformed HTML causing uncaught error #13042

Merged
merged 1 commit into from
Feb 7, 2020

Conversation

Gargron
Copy link
Member

@Gargron Gargron commented Feb 4, 2020

Fix OEmbed preview API leaking existence of private statuses (see #12930)

Fix OEmbed preview API leaking existence of private statuses (see #12930)
@Gargron Gargron added bug Something isn't working security Security issues and fixes, vulnerabilities labels Feb 4, 2020
@ClearlyClaire
Copy link
Contributor

Do you have an example of what's causing the ArgumentError?

@Gargron
Copy link
Member Author

Gargron commented Feb 4, 2020

@ThibG I do not have a specific example, some status(es) seem to be going around that cause it but I cannot see which ones, however in theory it's just '<div>' * 1000

Oh sorry, and the specific ArgumentError is ArgumentError (Document tree depth limit exceeded)

Copy link
Contributor

@ClearlyClaire ClearlyClaire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, I agree with the OEmbed part… the reformat part, I'm not too sure about… it seems weird to just have an empty status or bio, even if the original content is probably not good any way… but otherwise, LGTM

@Gargron Gargron merged commit a64973a into master Feb 7, 2020
@Gargron Gargron deleted the fix-rescue-document-depth-limit branch February 7, 2020 14:24
rtucker pushed a commit to vulpineclub/mastodon that referenced this pull request Jan 7, 2021
…ing uncaught error

Fix OEmbed preview API leaking existence of private statuses (see mastodon#12930)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working security Security issues and fixes, vulnerabilities
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants