Uh... I think I blew the page for =../2 of the SWI-Prolog manual

I just wanted to add a comment regarding the use of =../2 but now the comment box throws an error when the page is accessed.

That’s because there is some code in the comment and the comment box misses some quoting.

The text in the comment box leaks into the program as a compound term (the Prolog equivalent of an SQL injection)

add_date(item(Type,Ship,Serial),Date,item(Type,Ship,Serial,Date))

and so:

Internal server error

Type error: `list' expected, found `pre([class(code),ext('')],'add_date(item(Type,Ship,Serial),Date,item(Type,Ship,Serial,Date)).')' (a compound)
In:
[129] throw(error(type_error(list,...),_604))
[127] '$dcg':phrase(pldoc_wiki:wiki_words(_654),pre([...|...],'add_date(item(Type,Ship,Serial),Date,item(Type,Ship,Serial,Date)).'),[]) at /home/swipl/lib/swipl/boot/dcg.pl:364
[125] pldoc_wiki:md_section_line(pre([...|...],'add_date(item(Type,Ship,Serial),Date,item(Type,Ship,Serial,Date)).'),[-,-|...],_700) at /home/swipl/lib/swipl/library/pldoc/doc_wiki.pl:536
[124] pldoc_wiki:section_header([0- ...,...],_756,[]) at /home/swipl/lib/swipl/library/pldoc/doc_wiki.pl:470
[123] pldoc_wiki:take_block([0- ...,...],-1,_810,[]) at /home/swipl/lib/swipl/library/pldoc/doc_wiki.pl:163
[122] pldoc_wiki:wiki_structure([0- ...,...],-1,[_886|_888]) at /home/swipl/lib/swipl/library/pldoc/doc_wiki.pl:119
[94] pldoc_wiki:wiki_lines_to_dom([0- ...,...|...],[],_922) at /home/swipl/lib/swipl/library/pldoc/doc_wiki.pl:89

Obligatory XKCD

Exploits of a mom

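The trace above shows phrase/3 being handed a pre(...) compound where it requires a list, which is what raises the type error. A minimal reproduction with a guard at the parser boundary, as an added example that is not part of the original posts and not pldoc's own code; words//1, header_unsafe/2, header_safe/2 and the sample block are hypothetical:

```prolog
% Added example. In this toy model a "line" is either raw text (a code
% list) or an already-structured block such as pre(Attrs, Text).
% All predicate names are hypothetical, not taken from doc_wiki.pl.

% words//1: split a code list on spaces into a list of atoms.
words([W|Ws]) --> spaces, word(Cs), { Cs \== [], atom_codes(W, Cs) }, !, words(Ws).
words([])     --> spaces.

spaces --> " ", !, spaces.
spaces --> [].

word([C|Cs]) --> [C], { C \== 0'\s }, !, word(Cs).
word([])     --> [].

% Unguarded: assumes every line is a code list. A structured block
% makes phrase/2 throw error(type_error(list, Block), _).
header_unsafe(Line, Words) :-
    phrase(words(Words), Line).

% Guarded: only raw text can be a header line. A structured block makes
% the predicate fail, so the caller can treat it as "not a header"
% instead of turning user-supplied content into a server error.
header_safe(Line, Words) :-
    is_list(Line),
    phrase(words(Words), Line).

demo :-
    atom_codes('Title words', Text),                 % constructed sample
    Block = pre([class(code)], 'constructed(sample).'),
    header_safe(Text, Ws),
    format("text line -> ~q~n", [Ws]),
    (   header_safe(Block, _)
    ->  true
    ;   format("pre block -> not a header, skipped~n")
    ),
    catch(header_unsafe(Block, _),
          error(E, _),
          format("unguarded -> ~q~n", [E])).
```

Load the file in SWI-Prolog and run `demo.` to see the guarded predicate skip the block while the unguarded one reports the same kind of type error as the trace.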

Ok, looks like the comment got removed and it’s up again. Life goes on!

Always remember LANGSEC. Prolog should be great here. Right?

A message from the presentation Security problems of Javascript:

I guess we created these features without thinking of how we were going to implement these features
– ES Committee member

  • JavaScript is an excellent example of how failing to design with implementation in mind leads to security and other problems
    • It is probably too late to fix JavaScript, but …
      • What ‘JavaScripts’ are we creating today?
      • How can we make incremental progress on software that is already implemented?