├── .gitattributes
├── .gitignore
└── README.md


/.gitattributes:
--------------------------------------------------------------------------------
 1 | # Auto detect text files and perform LF normalization
 2 | * text=auto
 3 | 
 4 | # Custom for Visual Studio
 5 | *.cs     diff=csharp
 6 | 
 7 | # Standard to msysgit
 8 | *.doc	 diff=astextplain
 9 | *.DOC	 diff=astextplain
10 | *.docx diff=astextplain
11 | *.DOCX diff=astextplain
12 | *.dot  diff=astextplain
13 | *.DOT  diff=astextplain
14 | *.pdf  diff=astextplain
15 | *.PDF	 diff=astextplain
16 | *.rtf	 diff=astextplain
17 | *.RTF	 diff=astextplain
18 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Windows image file caches
 2 | Thumbs.db
 3 | ehthumbs.db
 4 | 
 5 | # Folder config file
 6 | Desktop.ini
 7 | 
 8 | # Recycle Bin used on file shares
 9 | $RECYCLE.BIN/
10 | 
11 | # Windows Installer files
12 | *.cab
13 | *.msi
14 | *.msm
15 | *.msp
16 | 
17 | # Windows shortcuts
18 | *.lnk
19 | 
20 | # =========================
21 | # Operating System Files
22 | # =========================
23 | 
24 | # OSX
25 | # =========================
26 | 
27 | .DS_Store
28 | .AppleDouble
29 | .LSOverride
30 | 
31 | # Thumbnails
32 | ._*
33 | 
34 | # Files that might appear on external disk
35 | .Spotlight-V100
36 | .Trashes
37 | 
38 | # Directories potentially created on remote AFP share
39 | .AppleDB
40 | .AppleDesktop
41 | Network Trash Folder
42 | Temporary Items
43 | .apdisk
44 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # AwSnap
 2 | 
 3 | #### Update: 4/7/2015 - This is likely patched by now, for more info please see all updates [below](#updates).
 4 | 
 5 | * * *
 6 | 
 7 | [This link crashes Chrome](http://cortexture.net/chromebug/test.html)
 8 | 
 9 | At the time of publishing (April 5th, 2015) Chrome 41 seems to crash on long and/or malformed URLs. The crash only occurs when accessing the link through a webserver (i.e. using file:// will *not* crash).
10 | 
11 | As a proof of concept that this bug has the potential for abuse, [here is a reddit thread that crashes Chrome](http://www.reddit.com/r/webdev/comments/31kumu/this_post_crashes_chrome/) because of the content of a user-submitted post.  Crashing a thread via a comment [is also possible](http://www.reddit.com/r/test/comments/31ktcq/chrome_crash_demo_via_user_comment/).
12 | 
13 | #### Examples URLs that cause the crash:
14 | 
15 | `<a href="http://Lorem ipsum Culpa labore qui culpa enim nostrud eiusmod ullamco anim in dolor consequat voluptate in in laboris consequat dolor occaecat minim aliqua quis id in Duis eiusmod amet id do ex do dolore dolor anim sit deserunt do."></a>`
16 | 
17 | `<a href="http://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.com"></a>`
18 | 
19 | #### Examples URLS that do not crash but look like they should:
20 | 
21 | `<a href="Lorem ipsum Culpa labore qui culpa enim nostrud eiusmod ullamco anim in dolor consequat voluptate in in laboris consequat dolor occaecat minim aliqua quis id in Duis eiusmod amet id do ex do dolore dolor anim sit deserunt do."></a>`
22 | 
23 | `<a href="http://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"></a>`
24 | 
25 | ### Updates:
26 | 
27 | ###### April 5th, 2015 - 8:00pm
28 | 
29 | Confirmed bug in Chrome 41, 42, & 43 on MacOS and Windows in Browserstack.
30 | 
31 | ###### April 5th, 2015 - 9:30pm
32 | 
33 | Confirmed bug in ~~Ubuntu and~~ Chrome OS
34 | 
35 | ###### April 5th, 2015 - 10:00pm
36 | 
37 | Jumped the gun, mixed reports on Ubuntu
38 | 
39 | ###### April 5th, 2015 - 10:05pm
40 | 
41 | Bug occurs on http:// only (https:// works fine)
42 | 
43 | ###### April 6th, 2015 - 12:20am
44 | 
45 | Issue likely tracked down to [this bug](https://code.google.com/p/chromium/issues/detail?id=464270), fixed [here](https://codereview.chromium.org/1007323003).  Thanks to jgunsch for their [submission to HN](https://news.ycombinator.com/item?id=9326347).
46 | 
47 | ###### April 6th, 2015 - 3:20am
48 | 
49 | "Aw, Snap!" is different than "He's Dead, Jim" errors in Chrome- I can't say for certain which were which at this point- I'm pretty sure most were 'Aw Snap' errors (hence the name).  See [proof](http://www.reddit.com/r/webdev/comments/31kumu/this_post_crashes_chrome/cq2r387), hopefully ;)
50 | 
51 | ###### April 6th, 2015 - 9:00pm
52 | 
53 | Looks like the bug/fix linked above is correct, and the latest versions of 42/43 are actually not affected.  Which means this bug should be fixed when Chrome updates to 42.
54 | 
55 | The original reddit thread was [reposted to /r/bestof](http://www.reddit.com/r/bestof/comments/31n1ha/ujlblatt_creates_a_post_stating_this_post_crashes/) and almost made the front page before being removed by the admins (not surprised or offended by this, it was the right move).  I think that's the end of the story here.
56 | 
57 | * * *
58 | 
59 | Thanks to everyone who contributed to the discussion on this, especially [jgunsch](https://news.ycombinator.com/user?id=jgunsch) for showing up with the actual explanation.  And because they don't want any credit - thanks Katie and Oz!


--------------------------------------------------------------------------------