Author: tevruden

psilentasincjelli:

If I ever tell you I’m going to sleep and then you see me posting or liking things online for about an hour immediately after that, I promise I wasn’t lying to you, I’m just bad at going to sleep and it is usually a long process that begins with disengaging from any sort of immediate contact with people (chats, for example) and ends when everything on my screen is blurry and I’m hallucinating plot points I haven’t written yet.

owlpellet:

Barkentin asks the important questions.

#of course he has#how else do you think he won senkha’s heart

brocursion:

barkentin:

brocursion:

brocursion:

…

Ahahah, tumblr that is the laziest thing ever.

I predict the next stop is to do this check server side.

Where it will take an entire five seconds to go around.

tbh i’d like to think that tumblr took a couple more steps than just this to fix the issue and that this was just like, an extra precautionary step, but EVEN SO it would still be incredibly funny bc it’s just so ……………….. i can’t even describe it, like, either someone at tumblr actually thought this would completely stump people OR they think the tumblr userbase is so completely incompetent that they wouldn’t figure it out? yikes

ALSO IF U GOT THE TIME/EFFORT COULD YOU EXPLAIN HOW DOING THE CHECK SERVER-SIDE WOULD BE EASY TO GO AROUND … i’ve got almost no background in webdev whatsoever; i thought usually you want to do validations/checks like this on the backend? 

You do! However when you start letting users remote include code (say like linking javascript) it becomes tricky. They always have the option of obfuscating the javascript they send to you, or taking the remote JS and replacing it with something else after you’ve done the check server side, or being really sneaky and serving you one script and something to everyone else! Which is why you never never ever trust user input. 

brocursion:

brocursion:

NOW I WANNA KNOW WHY IT DOESN’T WORK ANYMORE …

OK I AM SUPER TIRED AND COMPLETELY LOSING IT BUT I KEPT READING THAT WHEN PPL TRIED TO COPY-PASTE THE FIRST BIT OF JAVASCRIPT INTO THEIR CODE TUMBLR WOULDNT LET THEM AND I WANTED TO KNOW WHY AND IF IT’S WHAT I THINK IT IS IT’S INCREDIBLY FUNNY

when i tested it out, it refused to save by giving me a pop-up window that just said ‘woops :(’ (real helpful error message btw) so i started messin around. here’s the original snippet replicated from the post, bolded the important part 

<meta name="if:Enable Know Anon" content="0" /><script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script><script type="text/javascript" src="http://media.pixellab.co/ka/script.js?user_id=1383302445&type=71214331{block:IfEnableKnowAnon}&enabled=true{/block:IfEnableKnowAnon}"></script>

if you change that bolded block name to any other name, tumblr will let you save the code, no error messages whatsoever

on the other hand the names “IfEnableKnowAnons” and “IfTenableKnowAnon“ and evne "IfTenableKnowAnons” (all of which have the string ‘enableknowanons’ still intact, as bolded) both trigger the ‘woops’ error msg 

so … i think …….. i suspect ………. that at least one of the things tumblr did to prevent people from using this code was just to blacklist the string ‘enableknowanon’ and this fucking CRACKS ME THE HELL UP 

disclaimer: coudl be wrong, only deduced from fifteen minutes of trial-and-error in the customize form, not the most rigorous method of ascertaining anything would not recommend 

last note: also think they blacklisted the string “media.pixellab.co/ka/script.js” GOD

Ahahah, tumblr that is the laziest thing ever.

I predict the next stop would be to do this check server side.

Where it will take an entire five seconds to go around.