If you enter "{{" into the labor category search, your browser/computer will run out of memory #1355

Closed
jseppi opened this Issue Feb 10, 2017 · 4 comments

@jseppi
Contributor

jseppi commented Feb 10, 2017

Seems like it gets stuck in some kind of a loop. This was found during the penetration testing.

Pretty nasty!

@jseppi

Contributor

jseppi commented Feb 10, 2017

Issue appears to be in the autocomplete functionality. Not sure if it is in the JS or it might just be in the parsing of the returned response. A query for "{{" to that API returns a JSON array of over 22,000 items, which might be just causing the browser to barf during parse.

Example API call: http://app.calc.docker/api/search/?format=json&q={{&query_type=match_all

@jseppi

Contributor

jseppi commented Feb 10, 2017

Ok, I did a little experimentation (basically changed the search API method to always return all contracts), which has led me to believe that it is not the size of the response causing the problem, because the autocomplete doesn't lock up with "good" inputs still in the experiment.

@jseppi

Contributor

jseppi commented Feb 10, 2017

Alright, I've narrowed the problem down to appendHighlightedTerm in autocomplete.js
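The thread does not show the body of appendHighlightedTerm or the exact reason it fails to terminate on "{{", so nothing below is CALC's code. It is an added example, written for this page, of the properties a term highlighter in an autocomplete dropdown needs so that a user-typed query cannot hang the browser: the scan position strictly increases on every loop iteration, an empty term is handled up front, the term is matched literally (regex metacharacters such as { are escaped before a RegExp is built), and both the matched and unmatched segments are HTML-escaped before being wrapped in markup. The function names, the <strong> wrapper and the sample label are assumptions, not taken from the project.

```javascript
// Added example (not CALC's autocomplete.js): a terminating, injection-safe
// term highlighter for autocomplete result labels. All names are hypothetical.

// Escape characters that are special in HTML text content, so a result label
// or a user-typed term is never interpreted as markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Escape regex metacharacters so a term such as "{{" or "a.b" is matched as
// literal text rather than compiled as a pattern.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Split `text` into alternating [plain, match, plain, match, ..., plain]
// segments (case-insensitive). A non-empty term means every match has
// length >= 1, so re.lastIndex advances on each iteration and the loop is
// guaranteed to terminate. An empty term returns the text as one plain segment
// instead of looping on zero-width matches.
function splitOnTerm(text, term) {
  if (term.length === 0) return [text];
  const re = new RegExp(escapeRegExp(term), 'gi');
  const segments = [];
  let last = 0;
  let m;
  while ((m = re.exec(text)) !== null) {
    segments.push(text.slice(last, m.index)); // plain text before the match
    segments.push(m[0]);                      // the matched term, original case
    last = m.index + m[0].length;
  }
  segments.push(text.slice(last));            // trailing plain text
  return segments;
}

// Render the segments as HTML: odd indices are matches and get wrapped,
// everything is escaped first.
function highlightTerm(text, term) {
  return splitOnTerm(text, term)
    .map((seg, i) => (i % 2 === 1 ? '<strong>' + escapeHtml(seg) + '</strong>' : escapeHtml(seg)))
    .join('');
}

// Smoke check with the input from this issue on a constructed label.
console.log(highlightTerm('Program Manager {{ Senior', '{{'));
```

Running the block prints `Program Manager <strong>{{</strong> Senior`; the same call with an empty term, a regex-looking term like `a.b`, or a label containing `<` returns promptly and never emits unescaped markup.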

@jseppi

Contributor

jseppi commented Feb 10, 2017
