Codeforces Parsing CSS -> Potential security issue?

→ Pay attention

Before contest
CodeTON Round 9 (Div. 1 + Div. 2, Rated, Prizes!)
5 days
Register now »

*has extra registration

→ Streams

DP Bitmask - Topic Stream

By Shayan

Before stream 20:39:59

View all →

→ Top rated

#	User	Rating
1	tourist	4009
2	jiangly	3823
3	Benq	3738
4	Radewoosh	3633
5	jqdai0815	3620
6	orzdevinwang	3529
7	ecnerwala	3446
8	Um_nik	3396
9	ksun48	3390
10	gamegame	3386

Countries | Cities | Organizations

View all →

→ Top contributors

#	User	Contrib.
1	cry	166
2	maomao90	163
2	Um_nik	163
4	atcoder_official	161
5	adamant	159
6	-is-this-fft-	158
7	awoo	157
8	TheScrasse	154
9	nor	153
9	Dominater069	153

View all →

→ Find user

→ Recent actions

Detailed →

Codeforces Parsing CSS -> Potential security issue?

Revision en1, by 60SecondsInAfrica, 2020-09-09 21:16:21

Dear Codeforces community. recently, kostia244 found out that codeforces parses custom CSS & HTML in this comment: https://mirror.codeforces.com/blog/entry/82468?#comment-693536

This could potentially be exploited by putting a malicious URL to steal a user's cookies and login sessions. Obviously making a PoC would be illegal but I would like to discuss whether or not that's even possible, and if so notify the admins to fix.

This is could be dangerous, this text is not even a part of the image

History

Revisions

	Rev.	Lang.	By	When	Δ	Comment
	en2		60SecondsInAfrica	2020-09-09 21:22:22	82
	en1		60SecondsInAfrica	2020-09-09 21:16:21	751	Initial revision (published)