Opened 4 years ago

Closed 2 years ago

#17231 closed defect (fixed)

HTML ​ in middle of fingerprint results in corrupted copy/paste

Reported by: starlight Owned by:
Priority: High Milestone:
Component: Metrics/ExoneraTor Version:
Severity: Normal Keywords:
Cc: RaBe Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

ExeronaTor includes ​ in the middle of the fingerprint HTML. Copy/pasting a displayed fingerprint produces a corrupted, invalid result.

If only one place existed where copy/pasting a fingerprint should work properly, this would be it.

Child Tickets

Change History (9)

comment:1 Changed 4 years ago by karsten

Can you be more specific where pasting a fingerprint with that HTML code causes trouble?

And can you think of a better way to make the fingerprint wrap on small screens that works better when pasting the fingerprint into other tools?

comment:2 Changed 4 years ago by starlight

Ran into when pasting fingerprint into a text document in a plain-text editor. Result is extra digits with no indication. Then later copy/pasted from text document to end of https://atlas.torproject.org/#details/ and it did not work. Due to the nature of SHA hashes, there's no such thing as an approximately correct hash and no way to reliably, at a later time, figure out what the correct hash was from the corrupted value alone.

Seems quite bad to me that a legal worker might copy/paste a fingerprint and then weeks, months or years later find it invalid. A pretty small-screen page seems far less important than maintaining the integrity of the string--let it wrap ugly.

comment:3 Changed 4 years ago by starlight

Perhaps should mention that the copy/paste passed from a VM window to an outside-VM application. Copy/paste semantics are unreliable in the extreme--just because it works in one place does not mean it will work in every other.

comment:4 Changed 4 years ago by karsten

New suggestion: how about we print fingerprints with spaces, as in CB7E 7D73 4E28 3123 37DE 322C 1A0E 4DE5 3578 D2AE if we also fix #17115? That would wrap correctly on smaller devices and on printouts (which is probably even more important than small devices) and should solve your problem, too. Thoughts?

comment:5 Changed 4 years ago by starlight

Plain spaces would work fine. But I must say I despise, with prejudice, fingerprints formatted in this way. Requires one to manually edit out the spaces to use it anywhere that matters. And manual editing is well established to be error prone.

Perhaps just use a very small font size. Perhaps a clever HTML mechanism exists to make an object copy with a different value than what is displayed? Then 1B9BA4AF... could be displayed and a right-click copy would pull the full value. Or require that the full FP be retrieved on a minimalist page/pop-up. Or only display the fingerprint once on a line by itself, emit the line on page/visual breaks and whenever it changes.

comment:6 in reply to:  5 Changed 4 years ago by karsten

Replying to starlight:

Plain spaces would work fine. But I must say I despise, with prejudice, fingerprints formatted in this way. Requires one to manually edit out the spaces to use it anywhere that matters. And manual editing is well established to be error prone.

Well, yes, a requirement here would be that most places accept fingerprints containing spaces. #17115 would solve all tools that are using Onionoo as their data back-end. What other use cases am I missing where somebody looks up a relay using ExoneraTor, copies the fingerprint, and pastes it somewhere?

Perhaps just use a very small font size. Perhaps a clever HTML mechanism exists to make an object copy with a different value than what is displayed? Then 1B9BA4AF... could be displayed and a right-click copy would pull the full value. Or require that the full FP be retrieved on a minimalist page/pop-up. Or only display the fingerprint once on a line by itself, emit the line on page/visual breaks and whenever it changes.

These all sound like fine ideas, and we'll have to do something like this anyway once we add ed25519 identities in addition to the RSA identities. Those won't contain spaces anyway, so we'll have to use some other trick to keep printouts still useful.

I wonder if we can find a web designer to help us try out these solutions.

comment:7 Changed 2 years ago by karsten

Cc: RaBe added
Severity: Normal

RaBe, I believe you just fixed a related issue in Atlas (#21459). Do you think we can reuse the fix in ExoneraTor?

comment:8 Changed 2 years ago by cypherpunks

For context, Atlas adopted the zero-width space solution in #12685 but moved away from it in #21350. #21459 was solved by simply adjusting the styling so I'm not sure if its solution is relevant to this ticket.

See the inline patch for my proposed solution. This patch allows browsers to wrap the fingerprint on any character. Selecting the fingerprint is possible by double clicking (or triple clicking when it's wrapped) and when copying and pasting the fingerprint it does not contain any spaces.

diff --git a/src/main/java/org/torproject/exonerator/ExoneraTorServlet.java b/src/main/java/org/torproject/exonerator/ExoneraTorServlet.java
index fe6b853..fb6d82a 100644
--- a/src/main/java/org/torproject/exonerator/ExoneraTorServlet.java
+++ b/src/main/java/org/torproject/exonerator/ExoneraTorServlet.java
@@ -836,8 +836,7 @@ public class ExoneraTorServlet extends HttpServlet {
       for (int i = 0; i < tableRow.length; i++) {
         String content = tableRow[i];
         if (i == 2) {
-          content = content.substring(0, 20) + "&#8203;"
-              + content.substring(20, 40);
+          content = "<div class=\"fingerprint\"" + content + "</div>";
         } else if (i == 3 && content == null) {
           content = "("
               + rb.getString("technicaldetails.nickname.unknown") + ")";
diff --git a/src/main/webapp/css/exonerator.css b/src/main/webapp/css/exonerator.css
index a94fd54..386d49e 100644
--- a/src/main/webapp/css/exonerator.css
+++ b/src/main/webapp/css/exonerator.css
@@ -25,6 +25,11 @@ body {
   margin-bottom: 15px;
 }
 
+.fingerprint {
+  word-break: break-all;
+  word-wrap: break-word;
+}
+
 pre {
   white-space: pre-wrap;
 }

comment:9 Changed 2 years ago by karsten

Resolution: fixed
Status: newclosed

Thanks for the suggestion! Tweaked a little, pushed and deployed. Closing.

Note: See TracTickets for help on using tickets.