Dynalist is vulnerable to Zalgo

Dos · September 20, 2017, 11:51pm

Steps to reproduce

Starting from scratch, what are the steps to make the bug happen? The fewer the steps, the better.

Copy-paste Zalgo everywhere

Expected result

What do you expect to see after carrying out the steps above?

Lack of negative consequences like text bleed or slowness

Actual result

Instead of the expected result, what happened?

Text bleed is all over the place and Dynalist starts becoming unresponsive

Environment

Which operating system are you using? Which browser are you using? If you’re using a desktop or mobile app, what’s the version number of Dynalist?

Windows 8 x64 Chrome latest stable, however it happens everywhere.

Additional information

Anything else you think would help our investigation, like a screenshot or a log file? You can drag and drop screenshots to this box. For large amount of text, try putting them into something like Pastebin.

I pasted very little of it in fear of breaking my own Dynalist.

Additional comments

While this might not seem important, moderate zalgo-proofing should be done everywhere where there are collaboration features present. For an ok example see YouTube comments (try pasting something massive there).

To save a google search for anyone who doesn’t know how to create that - http://www.eeemo.net, among many others

Erica · September 21, 2017, 12:04am

Thanks for reporting. I have no idea how one would go around solving this though, @Shida?

Also @Dos have you tried other fonts, like “System”? (Not sure if this is related to fonts, just throwing out ideas)

Dos · September 21, 2017, 12:20am

No no, this behavior is sort of supposed to happen because it uses regular unicode capabilites, and the font doesn’t matter.

However it is possible to limit text bleed on other fields (example from youtube:
)
, and slowdown was weird and wasn’t supposed to happen.
Even opening file pane was slow.

Just to be clear - this is a very minor quirk. Very few sites protect against this.

ps. And to be extra-clear - this is definitely outside normal usage patterns

Erica · September 21, 2017, 1:36am

Got it! Thanks for the clarification.

We’ll take a look at this when we have the bandwidth then. Thanks again!

Shida · September 21, 2017, 6:52pm

I believe anyone trying this is probably not doing it maliciously, and thus it’s highly unlikely that it will affect other people. I’ve taken a quick look online but I have not found documentation on protection mechanisms.

Dos · September 11, 2019, 9:43am

It can be done maliciously (or rather, as a prank), becauses it allows text from one field to overlay text in other fields, say, to block other person’s comment from being readable.

This is fairly bening, but I think pretty much all sites are protected nowadays, as opposed to couple of years ago when most sites weren’t.

For example, see how THIS site handles this:
(it doesn’t allow bleeding out into other regions of the page, instead it limits the comment to just it’s own space, and if you copy paste the text into dynalist the bleeding will be all over the place)

Dos · September 11, 2019, 9:44am

Z̶̡̠̯̦̘̪̖͈̙͖̺̯̟̱̺̫͕͎͈̾͊̂ͭ̊̐ä̴͇̱͙͔̲̲̠́̽̔͋̅̎̍ͯ̌ͯͨ̔ͭ͒̋ͯͦ̄͞͝ͅl̢̛ͯ̾͊̀ͭ̄͏̛̝̼͈̺̣̼̰͚͖̞͝g̾̋͂ͥ̋ͭ̐҉̴̢̼͇̲͚̀͞ơ̥͓͓̼̗͇͚͍͚͔̳̮̤̪͙̪̒͗ͮ͑̏ͯ̆̂ͮ̅̈̿̆͝ ̡̛͙̜̦̖̝̫̓͆̉̃͛ͯ̃̚͝͡t̡̮͇̯̙̞̮͔̙̯͈̰͈̫̘̫͓ͤ͂ͪ̊͊̇̿̎͛̃͂ͬͭ͌̊͋ͣͥ͡é̛̮̩̞̰͕̦̝̯̭̲͕͚̫̞̘̦͙̗̊̅̚͜͢͠ś̞̯̭̮̳̝̱͈̱̰͖̞̻̬͓͖͈̅ͩ̆̓͛ͯ͜͜ţ̛̣͖͔̣̝̩̣̝̱̠͍̬̮̜͌͐̀ͩͫ̃ͮ ̵̨̳̞̭̺͉͇̬͚̩͍͎̟͚͙͚ͩͪ̌̉ͩͮ̓̆ͧ̂͐ͦ̀͢Z̸̡̿̍̍͗ͦ̀̕͏̝̱͚͓a̛͓̺͎̣̣̗̹͓̲̝̭̱͉̹̯͓͕͔ͤ̄̿̂͌̿̈́̾̇̾ͯ̋ͬ͑̓ͯ͗̐͛͘ͅļ̛̜̼̟͇̼͎̺̠͚͔̮̊̈́̓̈́̂̈́̃̎̄ͩ̃ͨ͑̓ģ̷̧̝̘̪̜̟͉͖̯̫͚͎͙̠̺̭̯̤̿ͥ̽͆͌̾̉͞͞o͌̆̆̔̆̓ͣͮ̂͗͗ͬ͋̓̄͜͜͝҉̴͉͎͓͉͔̥̮͓͕̳̖̼̲̭ ͉̝̯̜̲̳̜̑̌̌̓̑ͧͧͫ͒͡͡ͅt̼͚̞͓̦̞̉͐̅͗̃̐̀ͯ̋ͧ͜e̴ͬ̑ͫ̽ͥ͏̛̳̟͈͕̺̦̯̙̺̻͖̣͠s̛̉̓̀͒̐̔̅̌̈́̅̚͏̨̲̗̹͚͖̺̰͉͈̖͖͠t̨̧͍̻̹͇̜̞̖͓̟̩͓̹̝͎̅̄ͤ͆̊͐ͫ̓ͨ̔͗͆̊̊́
̛ͣ̊ͯ͊͋͛̑̋̒̓ͩͨͯͩ̐͏̛̝͇͚͎̀Z͇̗̭̝̭̩̻̮̐͛̈̏ͫ̔̑̀̓͞͠ͅa͗͒̾̿̔̐̌̋ͥ͊̋ͭ̊͑̒͊͊̕͟҉̵͕̙̼̮̖̭̞̜̬̗̰̗l̶͚͇̜͔̝̯͓̬̲̺̘̮̺͍̩͚̣ͬͣ̈́̓́̄ͦͪͮ͆ͫ͂̂ͥ̍̀̚͟ͅḡ̸̶̛̯̱̥̦̘̹̗̺̬̰̫͖̋̌̔̆̈́̋̍̍ͭ̿̀ö̵̭̣̭̭̙͙͚̞̰̙̼̜͚̰̏ͧ̈́̎ͅͅ ̀ͦ͗ͭͪ̊ͦ̑ͦ̈̈́ͪ̿͒̐ͯͪ͗̚͡͡҉̡̖͔̺͇̺̮̝̫͉̹̤̖̣͖͝t̴̵̢ͫ̈́̄ͬ͛̊҉̶̠̩͔̹̫̥̝̲̰e̸̵̖͈̯̰̤̮̮̼͓̣̤̺ͮ̍̔ͯ̌̆̆ͧͧͩ͛̅̚͟ͅs̸̢͕̳̼̗͎̣͙̯̳̻͇̋͛̔͗ͭ̈̉̓̈ͯ͒̉̐̉̀͒ͣt̸̯͉̰̗̯͕̬̼̀͊̇ͯͤͦ͗ͥ͗ͥ̐ͦ͞ ̶̙̮͓̜̲̙̖̬ͭ̇̍ͭͪ̽͗͟͡Z̷̛̟͚̥̘̻̫̺͎̦̳̞̜̟̩̻͙̻̎ͬ͂ͫ́ͅaͨ̋̈́̈ͫ̇̓̋̿̋ͯ҉̡̞͇̘̮̥̦̬͎̻̜͚̗ͅl̴̛̥̼̰̝̱͚̠̺̖͎̀ͧ̏̐ͦ͆̓̏͒͒͂ͭ̌ͯͫ͜͟g̸̳̰͇̙̮̣̩̹͈̻͖͈̬̟̱̦̣͒̑̉͆̄̈́̎̒͂̊ͨ̾͢͜͡ͅơ̷̤͓͙͕̪̗͔̜̞̮ͭ͑ͣͬ̅̆͆͂̑̂̈́͡ ̢ͭ̎͛̉ͦ̿̏͏̸̰̬̯̣̮t̂̊ͩ̈́̋͏̺̲̦̖͕͈̭͓̻̥̦͚͍̙̼̰̀e̱̳̘̦̟̮̣͓̺̭̤͍̗͙͛̊̽̿͒ͨͯ̕͜s͌͆̂ͦͣ͌͒͊͏̶̷̦̝͎̮̦̠̺͈̻̫̭̻̫̗͈͇t̷̞̖͙̣͚͇͙͇̗̗͓͈̫̪̲̼̮͇͋̓̊̌ͪ́̔̽͂̓̒͋ͫ̈́̈̑̽̕
̷̴̺̹̫̜̗̮̼̼̞̘̝̋͌ͥ̓ͣ̾̓̆͛̆̈́͆͌̈́̚Z̷͇̗̻͎̣͍̹̺̹̼̤̻̣̞̮͕͇ͭ͑ͫ͒͗ͥ͌ͩ̐͌̆̌ͯ̀̚͠͡͝ͅͅą̖͉̲̺͇̖̙̊͌̃̾ͭ̔ͮ͠ͅl̽ͦͫ̇҉̴̩͉͈̦̼͎͓͓̝̤͙̫͍͙͘͠͡g̛̪̙̮̼̖̦̦̝͕̫͇̦̱͕̙͇͍ͮ̓ͩ̋̿̾̽̍̐͂͌̎̈̍̿̚̚͘͝ǫ̴̮̭͚̟͕͈̻̓ͨ̄̑̈̐͋̀̆̓̿ͧ̓ͭ͊͝ ̧̝͔̭͆͋̌̄̈̓ͬͮͫ͜͝͠t̛̛̥̖̻̤͚͇̰̯̬̙ͤ́͆ͨ̌͡͡ẹ̣̹̘͚̞̼̗̜ͤ̉ͣ̿ͬ̓̆̔̓͂̈́ͧͥ̊ͫͯ͌̈́ͦ̀͘ŝ͛͗ͫ́͆͠҉̙̭̲̤̪͙̜͘͜ͅt̓ͣ̒̂ͨ҉͚̫̗̗̲̙̲̯͍̻̻͢ͅ ̵̸̋͒̉̎ͬ͐ͫ͗͋̇̅͐ͮ͘͏͈̟͎͙̻̘͡Z̡͒̉̌͋͏͏̡̖̱̖͉͉̻͉͚͍̟̝a̋ͥͫ̒̾ͩͮͧͭ̍̽̈ͣ̿ͨ͗̆̍̚҉̛͏̣̯͉̰͈̠͚̖̦̰͔̙͇̦͎͓ͅͅl̲̰͈̹͇̺͚͚̤̱̗͔ͯ̒ͩ̀̇ͦ͐͋̾͑̃ͩ͑̐́̚̕͡gͬ͆ͣ́͌̽̒̐̒̒̌̆̐̅͏͏̷̨̡͇̲̻̗̞̩ó̴̧͖͍͇͚̹͉͇̪̟̙̘̜̹͔̤̿ͪ͛̈́̏͆͑̎͂̉̾́̕ͅ ͆̓̂͊̏ͩ̏ͩͯ̑͂̉͏̴̦͇͍̬̱̖ͅt̶̨̮͕̬̣̟̝͆̇̀͛̓ͣ̀̎ͥ̾̾͒ͭ͒̆͟ẻ̛̐̋̎͆̂ͦ̂̋͟҉̢̛̬͙̞̻̹̯͓͈̝̬̟̯͎͍̻͚̗̼̰s̶͑̉ͯ̑̂͗͂ͩ͗̂͂̐̀̀̚͞҉͉̣̺̞̱t̸̷͈̼̖̬̦͕̪͓̯̺̺̞̳̯̪͇̥̣͂ͧ̓̇ͫ̒̆ͭ͊̋̀̍

Erica · September 11, 2019, 4:41pm

Thanks for the demo!

Raymond_Gaddis · January 24, 2020, 10:05am

here is best alternative of zalgo text try this Zalgo Text

Ț̸̳̙̟̩͈̻͔̰͎̲͚͕̑͛̈̒̊̓́͗̇̉͋̽̐͝ͅh̵̡̛͍͉̤̍̎́̀̏̓͗̀́̽́̎͆̌̓̕ͅî̷̢̛̗̆̂͐̈́̋̍̓̓͝͠͝s̶̡̳̗͔͖̼͈̤̟̾͐̚͠ ̵̤̖͖̋̇́̄̉̀̚͝ȋ̸͉̰̤̯͒͆̈̍͋͆̓̀̈́̆͑̎̚͘̕͠s̸̡̛̾͊̉̈́͛͐̾͗̆̒̊͂͘̚ ̴̹̼̦̲͎̀̓̀Z̷͈͗͐̈́̒͌̎̿̂͗̃̊̔a̸̧̞̮͕̦̥̗̰͇̗͚̰̬̻̥̾̿͑́̽͋͂̍̿̾̋̉̏̕̚l̵̨̧̫̙͈̻͈̪̼͕͉̜͕̙͉̺̀̏͒͋̄͠ǧ̷̪͍̗͙̯͖̞̫̜̈́͛̈́́̎̃̋ơ̷̢̨̘̭̜͚̼̼͎̓̂͌̅́̿̐̀̊̈́̈̽͆̚͜͝ ̴̛̗͇̩͉̯̱̠̗̼͔͇̲̌̿͒̑̏͗͛̎̌̏͋̾̌̎̋T̷̼̽̔͗̔͊e̵͈͒̍̈́̉̐́͜͠x̵̲͈͈̀̀͊̂̑̇̎̅̌̏̀̚ͅṯ̴̨͈̔͋͘ͅ