Uncaught SyntaxError and Uncaught TypeError #161

Closed
mbiesiad opened this issue Aug 27, 2022 · 3 comments

@mbiesiad

Describe the bug
Passing the appropriate parameter in page= can cause errors like SyntaxError and Uncaught TypeError.

To Reproduce
Steps to reproduce the behavior:

  1. Go to: https://presearch.com/search?q=test&&page=%3Cscript%3E%3C/script%3E
    (as the page= parameter, type: <script></script>)
  2. Check DevTools Console

Expected behavior
It's secure for the mentioned case and appropriately handled.

Screenshots
Errors (DevConsole):
[Screenshot: errors]

Site view:
[Screenshot: issue-1]

Site view for smaller size (pay attention to horizontal slider):
[Screenshot: issue-small-view]

Desktop:
OS: Windows 10
Browser: Chrome (also applies to other browsers)
Version: 104

Additional context
Console:

search?q=test&&page=%3Cscript%3C/script%3E:6 **Uncaught SyntaxError**: Invalid or unexpected token (at search?q=test&&page=%3Cscript%3C/script%3E:6:15)
app.js:115 Loaded
app.js:115 **Uncaught TypeError**: Cannot read properties of undefined (reading 'split')
    at u (app.js:115:1307)
    at parcelRequire.QvaY.axios (app.js:115:1668)
    at f (app.js:1:468)
    at p (app.js:1:544)
    at parcelRequire.ElCy../css/main.scss (app.js:117:41)
    at f (app.js:1:468)
    at parcelRequire.V4IP (app.js:1:771)
    at app.js:1:1023

Info displayed on the site:

"; window.requestQuery = "test"; window.localSettings = {"x-powered-by":true,"etag":"weak","env":"production","query parser":"extended","subdomain offset":2,"trust proxy":true,"views":"/app/views","jsonp callback name":"callback","view cache":true,"view engine":"pug","title":"Presearch","PRESEARCH_DOMAIN":"https://presearch.com","GATEWAY_ADDRESS":"eu-de-1.gateway.presearch.com","OLD_PRESEARCH_DOMAIN":"https://presearch.org","PRESEARCH_ACCOUNT_DOMAIN":"https://account.presearch.com","SEARCH_PROVIDERS_DOMAIN":"https://external.presearch.com","KEYWORDS_DOMAIN":"https://keywords.presearch.com","IMGCACHE_DOMAIN":"https://img.presearch.com","lang":"pl;q=0.8"}; window.PRESEARCH_DOMAIN = "https://presearch.com"; window.PRESEARCH_ACCOUNT_DOMAIN = "https://account.presearch.com"; window.OLD_PRESEARCH_DOMAIN = "https://presearch.org";

Best wishes,
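
Added example, not part of the original issue and not Presearch's code: a sketch of handling `page` safely on the server, assuming (from the console errors and the script text shown on the site) that the raw value was written into a string inside an inline script. All function names and `window.requestPage` are hypothetical; `window.requestQuery` is the name visible in the report.

```javascript
// Hypothetical helpers for an Express-style handler; names are assumptions.

// Accept only a short run of digits as the page number; anything else
// (markup, arrays or objects from the extended query parser) becomes 1.
function parsePage(raw) {
  if (typeof raw !== 'string' || !/^[0-9]{1,4}$/.test(raw)) return 1;
  const n = Number(raw);
  return n >= 1 ? n : 1;
}

// JSON.stringify alone leaves "<", ">" and "&" untouched, so a value holding
// "</script>" would still end the inline script block. Escape them as \uXXXX.
const ESCAPES = {
  '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
  '\u2028': '\\u2028', '\u2029': '\\u2029',
};
function toInlineScriptLiteral(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

// "Before": raw concatenation into a JS string, the pattern assumed above.
function renderNaive(query) {
  return '<script>window.requestPage = "' + query.page + '"; ' +
    'window.requestQuery = "' + query.q + '";</script>';
}

// "After": validate the number, serialize every value through the escaper.
function renderBootstrap(query) {
  const page = parsePage(query.page);
  const q = String(query.q ?? '');
  return '<script>window.requestPage = ' + toInlineScriptLiteral(page) + '; ' +
    'window.requestQuery = ' + toInlineScriptLiteral(q) + ';</script>';
}

// Counts script end tags in the output; a correct block has exactly one.
function countScriptClosers(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed sample input matching the URL in the report.
const sample = { q: 'test', page: '<script></script>' };
console.log(countScriptClosers(renderNaive(sample)));     // block ends early
console.log(countScriptClosers(renderBootstrap(sample))); // single closer
```
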

@jejopl
Collaborator

jejopl commented Aug 29, 2022

Good catch @mbiesiad! We will push the fix shortly 🙏

@mbiesiad
Author

Sounds great! My pleasure, best wishes ✨

@jejopl
Collaborator

jejopl commented Sep 6, 2022

The fix has been pushed to production, thanks!

@jejopl jejopl closed this as completed Sep 6, 2022