
There was never an XSS issue with the previous code blocks


Xero

CEO of Bugged Code Inc.

admin

Posts: 867

Threads: 32

Joined: Dec, 2016

Reputation: 74

  • 0

Posted

You used to be able to create code blocks by enclosing text between two sets of three backticks "```". There was a bug with the implementation that sometimes caused a page to display a bit funky. People confused this for an XSS vulnerability. I want to say that there was no XSS vulnerability. The real cause was that the server would prematurely close an HTML tag due to the way the server inserts the code blocks. It was a semantics issue. There was no way to insert JavaScript code as a result of this bug.

 

I've removed the old implementation of code blocks because I saw that the editor had a plugin that already implements code blocks. This spared me the time of needing to fix the bug. It also implemented code blocks way better.

 

If I'm wrong and someone has proof that it caused XSS issues, then please let me know. Otherwise, I'm absolutely confident that the previous code block implementation issue was just a visual bug.
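
An added illustration of the class of bug described in the post above (not the forum's code and not written by the poster): a hypothetical renderer that escapes user text correctly but inserts code-block tags after paragraph wrapping, so the markup mis-nests while an injected `<script>` still stays inert. All function names and the sample post are constructed for this example.

```javascript
// Added example: hypothetical renderers, not the forum's actual code.
const escapeHtml = (s) =>
  s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

const FENCE = /```([\s\S]*?)```/g;

// Naive order: escape, wrap each line in <p>, then swap fences for tags.
// A fence spanning several lines ends up straddling </p><p> boundaries.
function renderNaive(text) {
  const paragraphs = escapeHtml(text)
    .split("\n")
    .map((line) => `<p>${line}</p>`)
    .join("");
  return paragraphs.replace(FENCE, "<pre><code>$1</code></pre>");
}

// Safer order: split out fenced blocks first, then wrap only the prose.
function renderFixed(text) {
  return text
    .split(/(```[\s\S]*?```)/)
    .map((part) => {
      if (part.startsWith("```") && part.endsWith("```") && part.length >= 6) {
        return `<pre><code>${escapeHtml(part.slice(3, -3))}</code></pre>`;
      }
      return part
        .split("\n")
        .filter((line) => line.trim() !== "")
        .map((line) => `<p>${escapeHtml(line)}</p>`)
        .join("");
    })
    .join("");
}

// Stack-based check: every closing tag must match the most recent open tag.
function isWellNested(html) {
  const stack = [];
  for (const [, close, name] of html.matchAll(/<(\/?)([a-z]+)>/g)) {
    if (!close) stack.push(name);
    else if (stack.pop() !== name) return false;
  }
  return stack.length === 0;
}

// Constructed sample post: a multi-line code block plus a script tag as text.
const samplePost = "Intro\n```\nlet a = 1;\n<script>alert(1)</script>\n```\nOutro";
```

Running `isWellNested` over each renderer's output for `samplePost` separates the two questions: whether the tags nest correctly, and whether any user-supplied `<` reached the page unescaped.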

eb_

Formally known as Shade.

vip

Posts: 1603

Threads: 109

Joined: Jun, 2020

Reputation: 35

  • 0

Replied

print("very poggers")

https://i.gyazo.com/18ca88edbb1c5917deae116065088a21.png

 

was this u mean? (thanks to david btw)

https://cdn.discordapp.com/attachments/1013432227830435851/1013434658924535848/SwitchCases.jpg

Posts: 696

Threads: 66

Joined: Jun, 2020

Reputation: 33

  • 0

Replied

I failed🥺🥺🥺🥺🥺😭😭😭😭😪😓😓😢😢

Content length must be 10-5000 chars

 

Xero

CEO of Bugged Code Inc.

admin

Posts: 867

Threads: 32

Joined: Dec, 2016

Reputation: 74

  • 0

Replied

@eb_ No, but I guess I'll look into that visual bug too. Thanks for the report.

eb_

Formally known as Shade.

vip

Posts: 1603

Threads: 109

Joined: Jun, 2020

Reputation: 35

  • 0

Replied

@Xero alright good luck

https://cdn.discordapp.com/attachments/1013432227830435851/1013434658924535848/SwitchCases.jpg

RealNickk

no longer active

vip

Posts: 3964

Threads: 177

Joined: Feb, 2020

Reputation: 56

  • 0

Replied

@Xero alr thats good

Moon

Moon

moderator

Posts: 7652

Threads: 305

Joined: Aug, 2020

Reputation: 69

  • 0

Replied

Did you ever find out why only my thread did that?

Posts: 2024

Threads: 3

Joined: Sep, 2020

Reputation: 53

  • 0

Replied

@Xero Hi /chars

TaxiDriver08

JustMarie

Posts: 1602

Threads: 39

Joined: Dec, 2020

Reputation: 6

  • 0

Replied

console.warn("jon is our senpai and is caring about us!!")

 

OMFG THESE CODE BLOCKS ARE EVEN SECKSIERRR

JustMarie#0709

 

Xero

CEO of Bugged Code Inc.

admin

Posts: 867

Threads: 32

Joined: Dec, 2016

Reputation: 74

  • 0

Replied

@Moon Yeah. I explained it above.

The server would prematurely close an HTML tag due to the way the server inserts the code blocks.

davidTube

not inactive

noticed

Posts: 1971

Threads: 88

Joined: Dec, 2018

Reputation: 46

  • 0

Replied

ok, good to know

Moon

Moon

moderator

Posts: 7652

Threads: 305

Joined: Aug, 2020

Reputation: 69

  • 0

Replied

@Xero

Yay now my thread has a mini WRD in it :3

Ducxy

Eclipse Cheats, LLC.

vip

Posts: 705

Threads: 103

Joined: Mar, 2019

Reputation: 37

  • 0

Replied

console.log("Very Informative!");

JOSHMISTY

https://privatesurf.org

Posts: 1056

Threads: 98

Joined: Jul, 2020

Reputation: 8

  • 0

Replied

no idea what any of this is about but hello 

 

:DDD

Posts: 742

Threads: 58

Joined: Feb, 2021

Reputation: 3

  • 0

Replied

listen to jon man

no

Error: The signature must be between 3-200 characters

