Vialect Bug Bounty;
- Contact us and let us know you are interested
- We will send you an installer or an IP address
- Confine aggressive/damaging testing to the installer/IP we provide
- Keep your findings confidential until we fix the bug (same day we hope)
- We pay whenever we make a change as a result of your bug report.
- Send us a report with enough information for us to reproduce the bug
- We will reward you (You will not be prosecuted)
- Public credit and thanks
- Payment (varies by severity of the bug up to $1000 per bug)
We thank VioPoint and All Covered for Testing Noodle.
mailto has no defined limit on the number of characters but there are limits in practice (as of 2015)
- Apple Safari
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
- limited by 16GB RAM
- Mozilla Firefox
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0
- limited by maximum string length
- Google Chrome
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
- limited without explanation
- Microsoft Internet Explorer
- Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko
- limited without explanation
- Mozilla Thunderbird
- 2097132 works in 1 second
- 268435455 uses 100% CPU for 2 minutes but fails to render the body and is not usable
- version 38.3.0
- 2097132 works in 5 seconds
- 268435455 uses 100% CPU for a long time (more than 5 minutes)
- version 2.38
- Apple Mail
- 500000 works in 14 seconds
- 2097132 uses 100% CPU for a long time (more than 5 minutes)
- version 8.2
- Microsoft Outlook
- trims any url to 2070 in 1 second
- version 2013
There is a Microsoft Office bug (2019105) that will attempt WebDAV windows authentication from non WebDAV links. To work around this bug the server can specify the "Content-Disposition" header as an "attachment" (requesting the browser save the file instead of opening it). Microsoft Internet Explorer will still ask if you want to open the file but will not attempt WebDAV. When making links with ShowItemData.po use the "download" in place of the "filename" parameter. For example:
Safari (GET/POST) requests sometimes block other requests.
In order to keep Noodle responsive we have disabled the instant features of Noodle on Safari.
We don't recommend using Safari; we do recommend Chrome, Firefox, and Internet Explorer.
The "cross site scripting filter" (xss) on Internet Explorer v10 will cause various problems with Noodle.
You can leave it on for every other site.
Please disable it for "trusted sites" as shown in the images below:
Some browsers incorrectly cache HTTP 302 "Found/Moved temporarily" and 303 "See Other" redirects as if they were 301 "Permanent Redirect"s.
The "Too many redirects" error can be temporarily fixed In the "Safari" menu by selecting "Reset Safari".
Disabling "Use a prediction service to load pages more quickly" is advised.
There is a limitation of the PostgreSQL installer if you are using windows domains.
The installer will need to make a posgres user that have write permissions on %PROGRAMFILES%\Postgres.
If the PostgreSQL is/will-be unable to do so, please setup the permissions beforehand. Adding write for "Everyone" or adding rights for a new postgres user with the the default password Pgsq1p@ssword will avert this limitation.
If you tried a normal noodle install and you have a black "upgrade in progress" screen then this is likely the problem. There is no need to reinstall noodle; just uninstall PostgreSQL, set up the permissions, download the PGInstaller and reinstall PostgreSQL.
After you install PostgreSQL you will need to edit the pg_hba.conf and make sure there is a "127.0.0.1/32 password" line.
Next run the init.sql in the Noodle folder with PGAdmin3 one line at a time.
Restart the PostgreSQL then Noodle service.