GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
If a user writes a line with an appropriate number of characters that ends in a tag with an entity immediately following, ajaxChat.breakLongWords() will insert the break string in the middle of the entity.
This is reproducible with the default settings of 32 character line lengths with the following message:
This results in the :) being replaced by the proper <img> tag while the & does not get recognized as the beginning of an entity and &​; is the result.
Consequently the exception (DOM Exception 12--invalid syntax) is caught, but in the handling of it, there seems to be an infinite loop. In Firefox, Safari, and Chrome, memory usage will rise by about 100 MB per second until the task is killed. Removing the lines that report this error will stop the leak, but after a few minutes Chrome will crash anyway. The solution is to not produce invalid HTML in the first place ;)
Additionally a small fix, E_ALL is actually all errors but strict. This fixes that, too.
Actually show all errors
Stops linebreaks from being inserted in an entity immediately followi…
…ng the end of a tag.
Thank you for the report. I'll review and merge shortly.
Why would we want to show strict errors though? That's useful for development but showing strict warnings to users is usually not what they want. I was debating shutting off error reporting in the release code.
Well, if you're going to show any errors at all, I would say just go ahead and show them all. In production though you probably don't want to show any. I'm not sure what the best option is right now.
STRICT messages aren't errors though, they're recommendations that can safely be ignored. Showing them when it's not necessary will actually cause problems that wouldn't otherwise be problems by, for example, breaking the XML output of a page.
Fair enough. Feel free not to merge that, though I've seen the other bug hit accidentally, killing the browsers of an entire room :P
I can confirm this, just tried with the example message and it killed the browsers of the whole room 👍
I can also confirm this spectacularly crashed firefox for me.
Merge pull request #71 from Clinteger/master
Fix browser-crashing bug