crashes when loading css-tricks.com feed

  • When I attempt to load my feeds (through “Everything”), it just crashes to a blank screen.
  • I narrowed it down to the css-tricks.com feed by going through each one at a time.
  • I find some JavaScript errors in the console.
  • The article itself from css-tricks has some dummy JavaScript for reference.
  • NewsBlur seems to be trying to load this dummy JS.

Not that big a deal to get around, as it’s just one feed item, but I’m bringing this up to maybe mitigate similar problems in the future. Video of the problem here: https://www.youtube.com/watch?v=p_8cV9…

This is the culprit article: http://css-tricks.com/thinking-async/

It’s trying to load that JavaScript from that article, which it shouldn’t. Also possible XSS vulnerability? If those JS sources actually existed, wouldn’t they actually run?

I’ve replicated this in the latest Safari, Chrome, and Firefox on Mac OS 10.7.2

Wow, what a bug. OK, so no, it’s not a security vulnerability. I strip script tags during feed parsing. What’s happening here is the client-side text linkifier I wrote, which links plaintext URLs, is accidentally parsing a link in JavaScript, which is then overwriting the window with a document.write.

Deployed a fix and pushed. Thanks a million! You helped make this an almost instantaneous fix by providing that story link.

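The failure class discussed in this thread, as an added example that is not part of the thread and is not NewsBlur's code: a linkifier that rewrites decoded text and re-inserts it as HTML can turn sample code shown in an article into live markup, even after script tags were stripped server-side. The function names and the sample string are constructed, and escaping around each link is an assumed way to harden it, not the fix that was deployed.

```javascript
// Added example with hypothetical names; not taken from NewsBlur.
const URL_RE = /\bhttps?:\/\/[^\s<>"']+/g;

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Weak form: splices anchors into decoded text and returns it as HTML.
// Any "<...>" that was only being displayed becomes real markup.
function linkifyNaive(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Hardened form: escape every run between URLs and the URL itself, so the
// only markup in the result is the anchors this function creates.
function linkifySafe(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const url = escapeHtml(m[0]);
    out += `<a href="${url}" rel="noopener noreferrer">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Check helper: names of the opening tags an HTML parser would see.
function liveTags(html) {
  return [...html.matchAll(/<\s*([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
}

// Constructed sample: the decoded text of a node where an article shows
// script markup as reference code (the source HTML held &lt;script ...&gt;).
const SAMPLE = 'Load it with <script src="http://example.com/a.js"></script> at the end.';

console.log(liveTags(linkifyNaive(SAMPLE))); // includes "script"
console.log(liveTags(linkifySafe(SAMPLE)));  // only the added anchor
```

In a browser, the same goal is usually met by walking text nodes, skipping `script`, `style`, `pre`, `code` and `a` elements, and building anchors with `createElement` and `textContent` rather than assigning strings to `innerHTML`.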