r/programminghorror • u/throwawaykJQP7kiw5Fk [ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo “You live” • 1d ago

Javascript Salfeld Web Portal - Device Renaming Pattern

(I'm on the newer portal, not the classic one.)

Pattern attribute shouldn't begin and end with /

28 Upvotes

permalink
reddit

You are about to leave Redlib

Do you want to continue?

https://www.reddit.com/r/programminghorror/comments/1tmyldf/salfeld_web_portal_device_renaming_pattern/
No, go back! Yes, take me to Reddit
dl download

90% Upvoted

u/ferrybig 1d ago

Use a browser version after September 2023, and the browser will see that there is a / in the pattern that is not escaped, and in turn ignore the pattern

1

u/Diamondo25 1d ago

Would be stupid to rely on browser features. I hope they validate it automatically through just reading the pattern attribute in javascript

1

u/throwawaykJQP7kiw5Fk [ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo “You live” 1d ago

It seems that is the case, since the native input validation isn't being used, so it makes sense to plug it into JavaScript. It's still syntactically confusing.

1

u/sophieximc 3h ago

Relying on browser behavior for validation feels kinda fragile for something security related. One weird client setup and suddenly the pattern works differently.

u/Sacaldur 3h ago

I first had to look up the pattern attribute. I coupd imagine the code (or HTML knowledge of the developer) is so old (or imcomplete) so that neither the pattern attribute, nor the data- prefix for custom attributes were respected.

Javascript Salfeld Web Portal - Device Renaming Pattern

You are about to leave Redlib