Careful that this library last I used it (2020 or so) used a particularly insecu... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

sph 65 days ago | parent | context | favorite | on: Phoenix LiveView 1.0.0 is here

Careful that this library last I used it (2020 or so) used a particularly insecure encoding of the cursor that basically allows remote execution. Not sure if they ever addressed it.

Here's the fork I created at the time to work around some of these issues: https://github.com/1player/paginator

gregors 56 days ago | [–]

This looks like it was fixed

* https://github.com/duffelhq/paginator/blob/main/lib/paginato...

* https://github.com/duffelhq/paginator/blob/main/test/paginat...

ethbr1 64 days ago | | [–]

Thanks to thread for the informative responses! (And the useful README on your fork/the upstream)

I try to assume someone's thought of better than the best I could, or at least learned the hard way what edge cases need to be handled.

cess11 65 days ago | [–]

Thanks for pointing that out.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact