posted by martyb on Tuesday May 01 2018, @07:03AM from the department_text dept.
20180501_110533 UTC
New story submitted using 'new' on admin bar and clicking immediately on 'save' button. This is the "Intro Copy".
This is the "Extended Copy".
(Score: 0) by Anonymous Coward on Thursday July 19 2018, @06:25PM
Plain Old Text with the wrapper:
https://www.biblegateway.com/passage/?search=Revelation+3:14-22KJV;NKJV [biblegateway.com]
(post-preview: which becomes the link: https://www.biblegateway.com/passage/?search=Revelation+3:14-22KJV;NKJV [biblegateway.com] )
without:
https://www.biblegateway.com/passage/?search=Revelation+3%3A14-22&version=NIV;KJV;NKJV [biblegateway.com]
(post-preview: which becomes the link: https://www.biblegateway.com/passage/?search=Revelation+3:14-22KJV;NKJV [biblegateway.com] )
post-post-preview:
Conclusion, the token ``&v e r s i o n = N I V ;'' is being treated as an entity which gets disappeared.
We could leave unrecognised entities alone, but that might mean we are being fooled into injecting unknown evil into the page.
Note - even with the & expressed as &amp;, the above URL is malformed.
The following query string in a URL:
?search=Revelation+3%3A14-22&version=NIV;KJV;NKJV
Should be interpreted as:
search=Revelation+3:14-22
version=NIV
KJV=
NKJV=
because ';' is exactly the same type of separator as '&' is.
So this particular case is *not* fixable, their webserver's broken.
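
The two behaviours discussed in the comment above, as an added Python example that is not part of the original comment or of the site's code. The loose entity pattern and the short allow-list are assumptions about how such a filter could behave, not the site's actual filter.

```python
import re
from html import escape, unescape
from urllib.parse import unquote_plus

# Constructed input: the query string quoted in the comment above.
QUERY = "search=Revelation+3%3A14-22&version=NIV;KJV;NKJV"

# Hypothetical allow-list; a real filter would carry the full HTML entity table.
KNOWN_ENTITIES = {"amp", "lt", "gt", "quot"}

# Deliberately loose pattern (an assumption about the filter): anything
# between '&' and the next ';' is taken to be an entity reference.
ENTITY_RE = re.compile(r"&([^&;\s]+);")


def strip_unknown_entities(text):
    """Drop every '&name;' token whose name is not on the allow-list."""
    def repl(m):
        return m.group(0) if m.group(1) in KNOWN_ENTITIES else ""
    return ENTITY_RE.sub(repl, text)


def parse_query(query):
    """Split on both '&' and ';', treating them as equivalent separators."""
    pairs = []
    for field in re.split(r"[&;]", query):
        if not field:
            continue
        name, _, value = field.partition("=")
        # unquote_plus also turns '+' into a space and '%3A' into ':'.
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def roundtrip_escaped(query):
    """Escape '&' as '&amp;' before filtering, then decode as a browser would."""
    return unescape(strip_unknown_entities(escape(query, quote=False)))


if __name__ == "__main__":
    print(strip_unknown_entities(QUERY))   # '&version=NIV;' is swallowed
    print(roundtrip_escaped(QUERY))        # the URL survives intact
    for pair in parse_query(QUERY):
        print(pair)
```

Escaping the ampersand keeps the link intact through the filter, but a server that honours ';' as a separator still sees four fields rather than two.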