Ari's blog

By Ari, history, 23 months ago, In English

It is well known* that you can insert somewhat arbitrary HTML into your CF blog or comment and Codeforces will happily render it, but it was only today that I learned you can do this in blog titles too!

I'm sure this is a perfectly sensible and reasonable feature that cannot be abused

  • Vote: I like it
  • +286
  • Vote: I do not like it

| Write comment?
»
23 months ago, # |
  Vote: I like it +12 Vote: I do not like it

One might even say it's a sus feature

... sorry, I'll leave.

»
23 months ago, # |
  Vote: I like it 0 Vote: I do not like it

mohagus

»
23 months ago, # |
Rev. 5   Vote: I like it +56 Vote: I do not like it

It seems there's some sort of filter, <script> and stuff don't work. But embeds do work:

  • »
    »
    22 months ago, # ^ |
    Rev. 2   Vote: I like it +11 Vote: I do not like it

    Spoiler

    • »
      »
      »
      22 months ago, # ^ |
        Vote: I like it +31 Vote: I do not like it

      lol it's funny how the image expands with the spoiler

»
23 months ago, # |
  Vote: I like it +1 Vote: I do not like it

It just is

»
22 months ago, # |
  Vote: I like it +23 Vote: I do not like it

My Blogs after this learning it..

»
22 months ago, # |
  Vote: I like it +1 Vote: I do not like it

Please don't show this to anyone :)

Preview:

Full:

»
22 months ago, # |
Rev. 7   Vote: I like it +1 Vote: I do not like it

Edit : nice feature and also it seems like when you try to write XSS script in js, it removes some dangerous codes while rendering it

  • »
    »
    22 months ago, # ^ |
    Rev. 2   Vote: I like it 0 Vote: I do not like it

    InnerHTML has nothing to do with this.

    There is definitely some sanitization going on, e.g. you can't use a <script> tag. But it seems there was a conscious decision to allow most HTML, possibly they decided Markdown wasn't sufficient.