1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Firewall error

Discussion in 'Forum Operations Center' started by ADG, Jun 14, 2017.

  1. ADG

    ADG Allan

    2,254
    46
    Aug 19, 2003
    New Jersey, USA
    Trying to post a reply in my thread in the Tivo Mini subform and when I submit the post I get a "securi Firewall" error popup. This happens on two different computers, so I have to believe the issue is on your end?
     
  2. Mike Lang

    Mike Lang Administrator Staff Member Administrator TCF Club

    6,682
    281
    Nov 17, 1999
    But you were able to post here.

    Might be something in the post itself.
     
  3. BrettStah

    BrettStah Well-Known Member TCF Club

    26,679
    1,404
    Nov 12, 2000
    San Antonio
    I've had problems trying to post some code snippets.
     
  4. ADG

    ADG Allan

    2,254
    46
    Aug 19, 2003
    New Jersey, USA
    I'm just posting (or trying to post) two simple sentences. And yes, I'm only encountering the error on that one post.
     
  5. ADG

    ADG Allan

    2,254
    46
    Aug 19, 2003
    New Jersey, USA
    Well, I made it just one sentence and it posted. Not sure what the issue was, but thanks for the responses.
     
  6. Jul 2, 2017 #6 of 12
    davidblackledge

    davidblackledge Registered lÜser

    505
    6
    Sep 9, 2008
    NM
    I'm having this problem, now. On developers corner... what is the deal? it's just TEXT ... how is it an "exploit?"
    my post had a partial quote block, and a code block. It failed here, too, but let's see if it works without the code:
    I've got some more detail and some javascript code I'm using. Ends up Mini and Premiere run one version of Opera while Roamio (and I presume Bolt) run another. They have slightly different key code implementations.
    Notably, Thumbs are available after all on the Roamio (and Bolt?), record's value changes on those models, and Info is mapped wrong and requires special handling on those models.

    ... code was here...
     
  7. Jul 2, 2017 #7 of 12
    davidblackledge

    davidblackledge Registered lÜser

    505
    6
    Sep 9, 2008
    NM
    couldn't even post the CODE block without the CODE tags around it!
    Here it is without a more complicated couple of lines as a test. Mostly this was just to show some constants anyhow.

    var OPERA_VERSION = 12;
    var TIVO_VERSION = "A93";

    // TiVo Remote keys that do not map to a Opera TV VK constant.
    var OPT_TIVO_TV_POWER = 15; // ONLY on mini/premiere; also sends a keypress, but event.key is blank
    var OPT_TIVO_TV_INPUT = 5; // not on mini/premiere
    var TIVO_SLOW = 463; // event.key "MediaPlayPause"
    var TIVO_CLEAR = 12; // event.key "Clear"
    var OPT_TIVO_RECORD_MINI = 86; // aka 'v' // also sends a keypress, but event.key is blank
    var OPT_TIVO_RECORD_ROAMIO = 416; // event.key:"MediaRecord" // should be VK_RECORD (not in Opera TV standard)
    var TIVO_RECORD = (OPERA_VERSION > 30)?OPT_TIVO_RECORD_ROAMIO:OPT_TIVO_RECORD_MINI;
    var OPT_TIVO_THUMBS_DOWN = 437; // not on mini/premiere; event.key:"ClearFavorite"
    var OPT_TIVO_THUMBS_UP = 429; // not on mini/premiere; event.key:"StoreFavorite"
    var TIVO_INFO = 457; // VK_INFO may not have this value that tivo remote sends. (on the Roamio, have to check this value as well as VK_INFO)

    // desktop chrome does 173,174,175 for mute, voldown, volup, but keypressup only
     
  8. Jul 2, 2017 #8 of 12
    davidblackledge

    davidblackledge Registered lÜser

    505
    6
    Sep 9, 2008
    NM
    So... the firewall was blocking:
    a try/catch block that contained a "/" delimited regular expression:

    ( /\W(?:OPR|Version)\/(\d+(\.\d+)?)/i )

    Just that part alone works though? weird.
     
  9. windracer

    windracer joined the 10k club

    11,835
    75
    Jan 3, 2003
    St. Pete, FL
    I'm running into the same problem trying to reply to a private message. No code, but I did try to use two double-slashes (//) to indicate how to comment a line.

    update: ah, white text on a white background, that's why the dialog looked blank. Updated screenshot with text hightlighted ... cross-site scripting attach?
     

    Attached Files:

  10. windracer

    windracer joined the 10k club

    11,835
    75
    Jan 3, 2003
    St. Pete, FL
    And when I tried to click "More Option" on my reply, I got this.
     

    Attached Files:

  11. windracer

    windracer joined the 10k club

    11,835
    75
    Jan 3, 2003
    St. Pete, FL
    Can someone please explain to me what, in the attached reply (had to take a screenshot) is causing a cross-site scripting block so I can't reply to the message? I finally ended up attaching the text of my reply as a PNG image so I could reply to the user. :(
     

    Attached Files:

  12. davidblackledge

    davidblackledge Registered lÜser

    505
    6
    Sep 9, 2008
    NM
    Only thing I can see between your and my posts is there must be some heuristic test going on here... once you have enough single-quotes inside parentheses, parentheses inside of double quotes, backslashes inside of parentheses, parentheses inside of curly braces, etc, then it gets suspicious?
     

Share This Page