This is somewhat anecdotal but while testing a friend's pierc setup I made several posts and the logs were completely inaccessible immediately after. (Something went spectacularly wrong, Error: blank)
I'm not sure which if any post caused the error.
The friend seemed to indicate he was using an updated version.
Although we had this failure, thankfully there weren't any XSS found yet!
Here were the test posts in order:
:crashdemons!~cd@unaffiliated/crashdemons PRIVMSG #dnbhl :testing the log bot: \0 %00 � "');</div><iframe src="http://google.com"> http://"/
:crashdemons!~cd@unaffiliated/crashdemons PRIVMSG #dnbhl :<>"http://www.google.com/"<>
:crashdemons!~cd@unaffiliated/crashdemons PRIVMSG #dnbhl :http://x y z
:crashdemons!~cd@unaffiliated/crashdemons PRIVMSG #dnbhl :>http://>http://>
Notes: while testing links I noticed that link URL text is not always escaped (not a big issue since quotation marks are) and an extra closing-span gets stuck inside the link for malformed links. Not a breaking issue.
Post 3 contains just a tab character and a No-break-space in the link, which isn't reflected above.
This is somewhat anecdotal but while testing a friend's pierc setup I made several posts and the logs were completely inaccessible immediately after. (Something went spectacularly wrong, Error: blank)
I'm not sure which if any post caused the error. The friend seemed to indicate he was using an updated version.
Although we had this failure, thankfully there weren't any XSS found yet!
Here were the test posts in order:
Notes: while testing links I noticed that link URL text is not always escaped (not a big issue since quotation marks are) and an extra closing-span gets stuck inside the link for malformed links. Not a breaking issue.
Post 3 contains just a tab character and a No-break-space in the link, which isn't reflected above.