Coding or just (uh-oh,)conspiracy? Window is a bad word. ;)

I have the feeling I'll be told by an owner or Super Mod that this has been covered Numerous Times, but why can't a person type the word window. with a period behind it??

For all those not behind the scenes or completely against the grain here and Ignorant, I type w i n d o w where it showed " _ " .

So, I know I am an idiot exasperating S.O. , but please tell me (kindly?) why that might be?

I've asked other similar sorts of questions and asked for info on when the kinks might get worked out and if there would be a central sort of thread or topic on it, but got no answer... (besides sometimes being told with an exasperation that almost emanates from the print like smoke, "I've said it numerous times")

Yes, you will. It's been brought up several times already. We believe it has something to do with the coding of the page, but aren't entirely sure what causes it.

originally posted by: Chamberf=6
I have the feeling I'll be told by an owner or Super Mod that this has been covered Numerous Times, but why can't a person type the word window. with a period behind it??

For all those not behind the scenes or completely against the grain here and Ignorant, I type w i n d o w where it showed " _ " .

What I find very interesting is that, when I reply to your post, I see the full text of your reply in the editor rather than the underscore! So the data is being held in the database and passed to the page at least.

In fact, the _javascript for the replyto function makes an ajax call, which is retrieving the text (including the missing word shown in full) from the database and displaying it in the reply [window]. As an ajax call it doesn't need to refresh the page but inserts it directly in the #message div.

This would suggest to me (making some wild assumptions about how the forum software works) that the php responsible for generating the initial page is filtering it after it is extracted from the database. So, at some point in the chain between the db call and echoing the data out, it is doing something funky.

Data is normally validated before going into the database to prevent code injections, it seems really odd for it to be happening once it's extracted. It could be part of a language moderation tool where you might want to keep the data intact but prevent some words, ie swearwords, from being shown to users - for example, where people can choose to turn on/off a swear filter.

When you use reply you are making an ajax call to a different bit of code so it is not being parsed in the same way. Once the post is made, the page is refreshed, the filter now has the opportunity to work and you're back to seeing window.

It might be worth noting that the word window followed by a period has specific usage in _javascript, used as a way to access the browser [window]. It might possibly be connected to that as a way of preventing malicious _javascript being introduced into posts? Otherwise I could ust post something like w i n d o w.open("http://www.google.com", "_blank", "width=200, height=100"); (don't worry, it deliberately won't work!) and cause merry havok.

It's very intriguing, actually. A proper ATS mystery!

edit - I notice it is also adding an underscore to the word _javascript, presumably to prevent it functioning in a malicious way.

a reply to: EvillerBob

For One, I didn't know there was: a peg beyond "Evil Bob",

Two: holy Crappadodia (yeah look the mash-up up** geekos ), man maybe you should be U2U'ing or MSMing S.O. or whatever they hell they call it on ATS now.

I saw a glitch and you saw I don't know what....Neo chosen One view?

Beyond me man.

IDK

Non mea lingua. (??)

originally posted by: Chamberf=6
I saw a glitch and you saw I don't know what....Neo chosen One view?

On the other hand, show me a car engine and all I'll see is "some kind of sorcery and witchcraft". Each to their own.

It didn't occur to me yesterday, but this is what I think is happening.

When you click on a thread, you are taken to a php page that pulls the data out of the database for the posts that it wants to display. The code then scans through each post, identifying "protected" words such window and _javascript. It then makes them "safe" by adding an underscore to the front, preventing them being used as part of an attempted hack. It seems likely that the "protected" word here is window[period] rather than just window. This may or may not be part of the problem in fact. Window on its own seems a very odd word to isolate.

Let's take a completely wild guess at debugging without access to any of the relevant information, if for no other reason than it seems like fun.

Where I think it might be going wrong is that at some point the software is likely to be loading that protected word into a variable, adding the underscore, then outputting this new variable in its place. Something similar to the following pseudocode:

$badword = "window.";
$safeword = "_" . $badword;
echo $safeword;

For whatever reason, the php script is not setting $badword probably, so it is an empty variable, or is not concatenating the underscore and the variable. This means that $safeword simply becomes "_".

What is a little odd is that it only affects the one word - or only one has been noticed so far. The problem doesn't replicate with one of the other protected words identified earlier in this thread - _javascript. You wouldn't usually have a separate line of code for each possible word, you would instead have an array of protected words and then loop through them, applying the same process to each word, to avoid writing out the same repetitive bit of code. If that were the case, the same problem would be expected to show up on all of the protected words. This doesn't rule out but certainly points away from it being a "coding" error and more likely a mistake in a data array.

This leads to some possibilities of interest.

The code may work on a paired list - in other words, rather than just adding an underscore each time, there is a list of replacement words, so the script will replace each instance of $badword with $safeword. In this case, the $safeword associated with window[period] has not been set correctly. To my mind, the most efficient way to handle this process (if using a bad/safe pairing rather than just adding a hyphen to the bad word) would be through a string replace function, similar to the following code:

$badwords = array("javvascript", "combatwombat", "windoze.");
$safewords = array("__javascript", "_combatwombat","_");

$postouput = str_replace($badwords, $safewords, $postoutput);

Notice in that example that I "forgot" to add a full replacement for "windoze.", so this code would replicate the issue we see here.

This is what I would look for first if I were debugging it. There will be some kind of similar process and that is most likely where the error is to be found.

I'd love to see the bit of php that processes the page output. It's not going to happen, but the curiosity will be driving me mad for ages!

I noted this also lately and was wondering what kind of pejorative meaning the word "window" could have.

How did you manage to get it on screen in that sentence?

originally posted by: EvillerBob
It might be worth noting that the word window followed by a period has specific usage in _javascript, used as a way to access the browser [window].

Or did they change it meanwhile? Test: Window window windows door

Edit to add: Seems to work now.

a reply to: Chamberf=6
One thing that's come out of previous discussions is that window is a bad word only when followed immediately by a full stop.
You can read; window
You cannot read; window.

originally posted by: Siddharta
I noted this also lately and was wondering what kind of pejorative meaning the word "window" could have.

Ask any Linux user, we can think of loads of them

a reply to: Siddharta

Ok, to check now, with a period behind it...I will type w i n d o w.

window.

ETA: that may not have been fixed.

originally posted by: DISRAELI
a reply to: Chamberf=6
One thing that's come out of previous discussions is that window is a bad word only when followed immediately by a full stop.
You can read; window
You cannot read; window.

In fact it's case sensitive so you can try a few different variations. The following list is broken down into two columns. The left column shows what I want to write (with the last w changed to a vv so the list will display) with the right colum showing what the forum actually outputs.

windovv - window
Windovv - Window
.windovv - .window
.windovv. - .window.
windovv. - window.
windovv.. - window..
windovv? - window?
Windovv. - Window.

Which all strongly suggests a case sensitive search-and-replace function of some kind, being called during the server-side processing (ie by php when the page is requested by the viewer), but not being called during client-side processing (ie by _javascript following an ajax call when you press the quote button, though if you preview or submit then the output appears to be processed server-side).

a reply to: EvillerBob

Interesting.

So, saying that word with the first letter capitalized followed by a period works.

Who writes like that.

I am typing Window.

Ok, yeah that works, as well as completely mangling the word and misspelling it.

originally posted by: Chamberf=6
a reply to: EvillerBob

Who writes like that.

People Who Think That Everything They Say Is Very Important!

a reply to: EvillerBob



Second.

a reply to: EvillerBob

When you click on a thread, you are taken to a php page that pulls the data out of the database for the posts that it wants to display. The code then scans through each post, identifying "protected" words such window and __javascript. It then makes them "safe" by adding an underscore to the front, preventing them being used as part of an attempted hack. It seems likely that the "protected" word here is window[period] rather than just _ This may or may not be part of the problem in fact. Window on its own seems a very odd word to isolate.

This sounds about right too me and I wonder if .document screws up aswell

originally posted by: VirusGuard
a reply to: EvillerBob

This sounds about right too me and I wonder if .document screws up aswell

I was tempted just to go through a list of possible words, but then realised it would start crossing the line between "interested tinkering" and "seeing what will make the forum software explode"...

It would be interesting if something like this would work: window.

Now you have to work out how I did it

Edited to add: this is the most fun I've had on ATS for ages. That's just a tiny bit sad lol...

a reply to: EvillerBob Okay, being on ATS for some years I dare to do the first guess:

You are an alien?

or

You are Russian?

or

You have another dead point than we regular people have.

or

You are simply a genius.

Funny game after all those frustrating discussions, btw.

a reply to: EvillerBob

Did you do this? window.

originally posted by: Siddharta
a reply to: EvillerBob

Did you do this? window.

Indeed I did. As noted in my previous posts, if you quote a reply then you will see all the hidden characters!

a reply to: EvillerBob

Ok, I'm copy/pasting what you used to make that word show up with a period...just to see something:

window.

Hmm....
Well ok.

In my reply window it was..god , I can't even recall exactly..&8window8

...Ahh window & 8 but w/o spaces is that right?