Re: DIS: A quirk in the CFJ archives

[Gaelan Steele via agora-discussion]

> On Jan 30, 2020, at 8:20 PM, Kerim Aydin via agora-discussion 
> <agora-discussion@agoranomic.org> wrote:
> 
> 
> On 1/30/2020 7:27 PM, Jason Cobb via agora-discussion wrote:
>> During research for CFJ 3888, I discovered that there appears to have
>> been a bug ... somewhere in the history.
>> 
>> From the (arbitrarily selected) text of CFJ 2991 in the Github backup [0]:
>> 
>>> ========================================================================
>>> Request for reconsideration by <function player at 0xb6d4d5a4>:
>>> Arguments from Quazie: > There is a meta question involved with CFJ
>>> 2991, mostly are state > verbs able to be used in place of action
>>> verbs ('I am a player' vs 'I > become a player') - it seems to me that
>>> by CFJ 2991 being judged true > then we are setting a precedent that
>>> state verbs are equivalent to > action verbs.
>>> ========================================================================
>> 
>> 
>> I assume that "<function player at 0xb6d4d5a4>" was never in fact a
>> player, despite what eir name may claim. Interestingly, with the HTML
>> archives [1], Chrome decides "yep, that's an HTML tag right there" and
>> therefore doesn't render anything, leaving a blank where the name should be.
> 
> So, this is from the era of the mysql database.  The mysql database actually
> had fields like "Caller" and "Judge" as lookups.  This was looked up live when
> you queried the database for a case.   One place this was used was nicknames,
> those were live fill-ins.  If you changed your nickname, then the CotC updated
> the database, queries ("retroactively") inserted your new nickname into the
> older cases.
> 
> Lookup fields were only put in the headers and "arguments from" and the like.
> Not the arguments.  When the data base was retired and this was dumped to flat
> files, this led to oddities.  I changed my nickname from Goethe to G. during
> this time, so all of the dumped cases list "Judge: G." but any place I'm
> referred to in arguments or the statement text it's "Goethe".  (btw this is
> why I'm strictly keeping the source material as flat text files to avoid this
> sort of thing).
> 
> And obviously, there were some bugs in that final dump!  Hadn't seen this one
> before.  And the missing name is... me (naturally).  Here's the original 
> message:
> https://mailman.agoranomic.org/cgi-bin/mailman/private/agora-business/2011-April/028187.html
> 
>> Seeing as this means HTML tags aren't escaped, I'm tempted to write a
>> CFJ with XSS in its arguments...
> 
> Because of this and some other quirks, I tend to email cases to myself from
> the archive, inspect them for errors, then forward them to the list.  You
> could try if you like :)
> 

I CFJ: {
G really ought to make sure the string 
<script>(window.location.href.includes('?'))?window.location.href='https://m.youtube.com/watch?v=oHg5SJYRHA0':a=['I
 GUESS','PROBABLY','WHO KNOWS','OH GOD, DEFINITELY NOT',"DON'T ASK ME","THE 
ONLY REAL ARGUMENT IN FAVOR OF THIS IS WISHFUL THINKING",'A TYPICAL EXAMPLE OF 
"I SAY I DO, THEREFORE I DO", WHICH HAS PLAGUED AGORA FOR A LONG TIME','IF YOU 
SAY SO'];document.querySelectorAll('.hist 
b').forEach(x=>x.innerHTML=a[Math.floor(Math.random()*a.length)])</script> 
doesn’t adversely affect eir archive.
}

Gaelan