Problem with the Additional HTML/Javascript tab - script editing + SAVE kills Kiwi [fixed in v1.671]
As in the title, the situation is as follows:
I have added a script
<script type="text/javascript">
document.cookie = "last_compression = 1";
document.cookie = "last_de_emphasis = 1";
document.cookie = "last_decay = 400";
document.cookie = "last_slope= 3";
document.cookie = "last_slow_dev = 0";
document.cookie = "last_thresh= -90";
document.cookie = "last_volume= 30";
document.cookie = "last_noise= 0";
document.cookie = "last_wf_filter= 1";
document.cookie = "last_wf_filter_param= 1.3";
</script>
up to version 1.665, any changes I made to cookie values were saved normally (green background snapshot) and everything worked normally. Now, after changing some value and trying to save using the SAVE button in version 1.667, the system shuts down and dies, the Kiwi page does not get up but Linux works. I logged in via SSH to the file system and comparing the kiwi.json file with the running Kiwi, I can see that it is damaged/different.
Line "HTML_HEAD" fragment
from working:
text/javascript%22%3E%0Adocument.cookie = %22last_compression = 1%22%3B%0Adocument.cookie = %22last_de_emphasis = 1%22%3B%0 etc.
Line "HTML_HEAD" fragment
from broken:
text/javascript\">\ndocument.cookie = \"last_compression = 1\";\ndocument.cookie = \"last_de_emphasis = 1\";\ndocument.cookie = \" etc.
I wanted to copy this line and replace it, but it doesn't help, only restoring the system from an SD backup helps
Comments
We've changed to storing text parameters like this in JSON instead of encoded URIs. Extensively tested. Can you email your original HTML_HEAD from kiwi.config/kiwi.json (the one with %HH escapes) to support@kiwisdr.com please? Thank you.
I was able to paste your cleartext shown above into the v1.668 HTML_HEAD text panel and it didn't crash.
But I also see a couple of problems with putting
<script>
in the HTML_HEAD. First, escaped newlines\n
in the JSON get translated to<br>
for the benefit of HTML. But this is bad for embedded Javascript via<script>
. So I probably have to remove that.Second, we don't have cookies anymore. So your
document.cookie = "last_volume= 30";
will have to change to something like:kiwi_storeWrite("last_volume", "30");
If I paste a badly crafted fragment into the text box I can get it to crash (and crash repeatedly on each restart keeping the Kiwi from running). So let me find out what's going wrong there.
I think it's the fault of my bells and whistles in the other tabs (font styles, highlights, bolds, brands, counter/flag scripts, etc.) all an explosive mixture in my trash bin that I need to clean out.
Window content sent to support@
It's my bug if any of that (that used to work) is now causing a problem. I've already fixed the issues mentioned above.
I will also fix the cookie thing so that your old cookie setting script code continues to work. I can do this because there is already code to do a one-time cookie migration to local storage. However the migration will not overwrite an existing local storage value. But if I remove that restriction then your script will work.
Do you have Javascript anywhere else except HTML_HEAD?
Man, that HTML_HEAD you emailed me is just evil, lol. Not only did it crash the server but it corrupted my kiwi.json file.
This is going to take me a while to sort out. Never a dull moment around here!
Nice combo, sorry for the trouble but it wasn't intentional ;) No, the JavaScript was only there
I think the problem was my of my own making. With my latest fix your URL/URI encoded HTML_HEAD works fine and is re-written to kiwi.json as actual JSON which is a little easier to read if you're looking at the raw faile.
But now I've found a new issue. So more work to do before I have a working solution I can release..
Please give v1.671 a try and see if it works. Thanks
I'll let you know in a few hours