Doesn't look like this has been logged as an issue before, so I'm documenting it here.
In the style of xkcd, I tried plating a specimen with the ID ');console.log('hi');. Fortunately, this doesn't result in hi being printed to the console; unfortunately, it does cause a 500 internal server error:
GET https://127.0.0.1:8181/study/1/samples?term=%27);console.log(%27hi%27); 500 (Internal Server Error)
Looks like it's the ' character (which gets converted to %27) that's problematic.
I don't imagine this is a common use case, but it might be worth addressing?
Edit: also, if this behavior is expected (i.e. the server throws an error if it detects a wacky specimen ID like ');console.log('hi');) then sorry, and feel free to close this.
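A single-quote breaking a sample search is the classic symptom of a query assembled from the raw search term, and the fix is to pass the term as a bound parameter. The following is an added example, not code from this project (whose storage layer is not shown in the report): it assumes a SQL-backed search, reproduces the failure mode against an in-memory SQLite table with the exact specimen ID from the report, and shows the parameterized version returning an empty result set with a 200 instead of an unhandled exception. The table, column names and `handle_request` wrapper are constructed for the demonstration.

```python
import sqlite3

# Constructed sample term, copied from the bug report: a specimen ID containing a single quote.
REPORTED_TERM = "');console.log('hi');"


def make_db():
    # Constructed in-memory schema standing in for the samples table; not the project's schema.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE samples (id INTEGER PRIMARY KEY, study_id INTEGER, specimen_id TEXT)"
    )
    conn.executemany(
        "INSERT INTO samples (study_id, specimen_id) VALUES (?, ?)",
        [(1, "SPEC-001"), (1, "SPEC-002"), (2, "SPEC-003")],
    )
    return conn


def search_unsafe(conn, study_id, term):
    # Hypothetical weak pattern: the search term is spliced into the SQL text.
    # A quote in `term` terminates the string literal and the statement fails to parse.
    sql = (
        f"SELECT specimen_id FROM samples WHERE study_id = {int(study_id)} "
        f"AND specimen_id LIKE '%{term}%' ORDER BY specimen_id"
    )
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, study_id, term):
    # Parameterized form: the term travels as bound data, so quotes are just characters.
    # LIKE metacharacters are escaped so user input cannot widen the match either.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = conn.execute(
        "SELECT specimen_id FROM samples WHERE study_id = ? "
        "AND specimen_id LIKE ? ESCAPE '\\' ORDER BY specimen_id",
        (study_id, f"%{escaped}%"),
    )
    return [row[0] for row in rows]


def handle_request(search_fn, study_id, term):
    # Mimics the web layer described in the report: an unhandled database error
    # surfaces as a 500, while a successful query returns 200 and the matching IDs.
    try:
        return 200, search_fn(make_db(), study_id, term)
    except sqlite3.Error as exc:
        return 500, str(exc)


if __name__ == "__main__":
    print("unsafe, ordinary term:", handle_request(search_unsafe, 1, "SPEC"))
    print("unsafe, reported term:", handle_request(search_unsafe, 1, REPORTED_TERM))
    print("safe,   reported term:", handle_request(search_safe, 1, REPORTED_TERM))
```

The useful regression check for the reporter's case is the last call: a term containing `'` (or `%`, `_`, `\`) must come back as a 200 with zero matches, never as a server error, regardless of which database sits behind the endpoint.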