• Davide (unregistered)

    Theoretically speaking, this is not really a solution but more like sweeping the dust under the carpet. Who knows which other corruption their stupid email client will perform; the customer should not get used to Marge's company fixing what the ISP is doing wrong.

    More pragmatically, since to the customer it does indeed appear that the problem lies with Marge's password reset tool, I would have first explained where the real error is, and then offered to implement an "ISP compatibility feature" for a very small sum. If the sum is reasonable then everybody is happy and no wrong precedent is established.

  • Hanzito (unregistered)

    In case Davide hasn't said so already: clbuttic!

  • Ginssuart (unregistered)

    Yeah great… any day now we’ll be reading an article where Marge’s successor complains about inheriting a codebase with a method that helpfully hardcodes the typo in ‘noeTimeToken’. Because fixing the typo itself would’ve just been too easy, right?

  • (nodebb)

    Oh noes!

  • AzureDiamond (unregistered)

    that's what happens when you sanitize with a string replace instead of actually parsing the html. also super easy to get around: window['oxnclick'.replaceAll('x', '')] = () => console.log("pwned")

  • Vera (unregistered)

    Due to the all-caps title, I thought this was going to be an error due to No-E-Time-Token.

  • (nodebb)

    Isn't there also a problem if the token itself contains on? Less likely if the firewall only checks for on at the beginning of a word, and not an issue if the token is a hex number, as is often the case.
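
The question raised in the comment above, worked through as an added example (not code from the article or from any commenter): it checks which reset links survive a filter that rewrites "on". The two filter rules, the "no" replacement, the host and the token values are all constructed assumptions.

```javascript
// Constructed models of the mail filter (assumed behaviour, not the ISP's real rule):
// each rewrites "on" to "no" so that event-handler attribute names stop working.
const filterAnywhere = (text) => text.replace(/on/gi, "no");
const filterWordStart = (text) => text.replace(/\bon/gi, "no");

// Pass a reset link through a filter and report what the server would still receive.
function checkLink(link, filter) {
  const sent = new URL(link);
  const received = new URL(filter(link));
  const report = {};
  for (const [name, value] of sent.searchParams) {
    if (!received.searchParams.has(name)) report[name] = "parameter name rewritten";
    else if (received.searchParams.get(name) !== value) report[name] = "value rewritten";
    else report[name] = "intact";
  }
  return report;
}

// Constructed sample links; host, path and token values are placeholders.
const base = "https://app.example.test/reset?";
const samples = {
  namedParam: base + "oneTimeToken=9f3a07c2d41be856", // hex value, "on" in the name
  hexToken: base + "t=9f3a07c2d41be856",              // hex has no "o" or "n"
  midWordOn: base + "t=Qk9onZ3xR7a",                   // "on" inside a word
  wordStartOn: base + "t=Qk9Z3x-onR7a",                // "-" makes "on" start a word
};

for (const [label, link] of Object.entries(samples)) {
  console.log(label, checkLink(link, filterAnywhere), checkLink(link, filterWordStart));
}
```

A base64url token is only safe from the word-start rule while "on" never follows a non-word character such as "-"; a hex token is safe under both rules.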

  • Argle (unregistered)

    OK, this comment might be weird of me, but the other WTF is a German who doesn't speak English. The French arrogantly like to pretend they don't speak English when encountering American tourists, but they all learn English in school. The Germans are the same, but in my experience aren't jerks about it like the French.

  • (nodebb) in reply to Argle

    The French arrogantly like to pretend they don't speak English when encountering American tourists, but they all learn English in school.

    Which is not to say that they are actually good at speaking English, mind you, something that I've been reminded of from time to time during the 16 years that I've lived in France. (I don't speak French perfectly, mind you, but I'm better at French than a substantial fraction of my colleagues are at English.)
