Блог пользователя z4120

Автор z4120, история, 5 лет назад, По-английски

Try clicking this link (the domain is codeforces.com)

How I discovered this

UPD: The bug is fixed now, however there's another (see the comment below)

  • Проголосовать: нравится
  • +71
  • Проголосовать: не нравится

»
5 лет назад, # |
Rev. 2   Проголосовать: нравится +37 Проголосовать: не нравится

Thanks for the super quick fix, but it's still impossible to preview a post with one of <>" in the title.

That leads to another attack -- Click here. Similar to the previous attack, it only works when you're logged in.

(Source: Is escaping < and > sufficient to block XSS attacks? — Stack Overflow)