
There was never an XSS issue with the previous code blocks

Posts: 975

Threads: 34

Joined: Dec, 2016

Reputation: 108

Posted

You used to be able to create code blocks by enclosing text between two sets of three backticks "```". There was a bug with the implementation that sometimes caused a page to display a bit funky. People confused this for an XSS vulnerability. I want to say that there was no XSS vulnerability. The real cause was that the server would prematurely close an HTML tag due to the way the server inserts the code blocks. It was a semantics issue. There was no way to insert JavaScript code as a result of this bug.

 

I've removed the old implementation of code blocks because I saw that the editor had a plugin that already implements code blocks. This spared me the time of needing to fix the bug. It also implemented code blocks way better.

 

If I'm wrong and someone has proof that it caused XSS issues, then please let me know. Otherwise, I'm absolutely confident that the previous code block implementation issue was just a visual bug.

  • 0
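An added example, not part of the original post and not the forum's code, of how a code-block pass can close a tag early without letting script through. It assumes, hypothetically, that the editor emits one HTML-escaped `<p>` per line and that a later server pass swaps triple-backtick pairs for `<pre><code>`; every function name and the sample post are constructed for illustration.

```javascript
// Constructed illustration; not the forum's code. Assumptions: the editor emits
// one HTML-escaped <p> per line, and a later server pass turns each pair of
// triple-backtick markers into <pre><code>...</code></pre>.
const FENCE = "`".repeat(3);
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => ENTITIES[c]);

// Editor step: every non-empty line becomes an escaped paragraph.
const linesToParagraphs = (text) =>
  text.split("\n").filter(Boolean).map((l) => `<p>${escapeHtml(l)}</p>`).join("");

// Buggy order: fences are replaced in the finished HTML, ignoring tag boundaries.
const naiveFences = (html) =>
  html.replace(new RegExp(FENCE + "([\\s\\S]*?)" + FENCE, "g"), "<pre><code>$1</code></pre>");

// Safer order: cut fenced blocks out of the raw text, then escape each piece.
function fencesFirst(text) {
  const re = new RegExp(FENCE + "\\n?([\\s\\S]*?)\\n?" + FENCE, "g");
  let out = "", last = 0;
  for (const m of text.matchAll(re)) {
    out += linesToParagraphs(text.slice(last, m.index));
    out += `<pre><code>${escapeHtml(m[1])}</code></pre>`;
    last = m.index + m[0].length;
  }
  return out + linesToParagraphs(text.slice(last)); // an unclosed fence stays plain text
}

// Tag-balance check: returns the first nesting error, or null if well nested.
function firstNestingError(html) {
  const stack = [];
  for (const [, slash, name] of html.matchAll(/<(\/?)([a-z]+)>/g)) {
    if (!slash) { stack.push(name); continue; }
    const open = stack.pop();
    if (open !== name) return `</${name}> closes <${open ?? "nothing"}>`;
  }
  return stack.length ? `<${stack.pop()}> never closed` : null;
}

// Constructed sample post with markup-looking text inside the fence.
const SAMPLE_POST =
  ["Try this:", FENCE, "print('<script>alert(1)</script>')", "print('done')", FENCE, "thanks"].join("\n");

const buggy = naiveFences(linesToParagraphs(SAMPLE_POST));
const fixed = fencesFirst(SAMPLE_POST);
console.log(firstNestingError(buggy));  // nesting error: the fence pass cut across <p> tags
console.log(buggy.includes("<script")); // escaping ran first, so no live script tag
console.log(firstNestingError(fixed));  // fences handled on raw text nest cleanly
```

Under these assumptions the defect is a mis-nested tag that the browser repairs by closing elements early, while the escaped text never becomes markup. Whether the same holds for a real renderer depends on escaping running before, and independently of, any markup rewriting.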

eb_

Formally known as Shade

vip

Posts: 1045

Threads: 4

Joined: Jun, 2020

Reputation: 47

Replied

print("very poggers")

https://i.gyazo.com/18ca88edbb1c5917deae116065088a21.png

 

was this u mean? (thanks to david btw)

  • 0

https://media.discordapp.net/attachments/1010636204225601659/1012865624797610044/sKQybOLT.gif

Posts: 682

Threads: 66

Joined: Jun, 2020

Reputation: 36

Replied

I failed🥺🥺🥺🥺🥺😭😭😭😭😪😓😓😢😢

Content length must be 10-5000 chars

 

  • 0

Posts: 975

Threads: 34

Joined: Dec, 2016

Reputation: 108

Replied

@eb_ No, but I guess I'll look into that visual bug too. Thanks for the report.

  • 0

eb_

Formally known as Shade

vip

Posts: 1045

Threads: 4

Joined: Jun, 2020

Reputation: 47

Replied

@Xero alright good luck

  • 0

https://media.discordapp.net/attachments/1010636204225601659/1012865624797610044/sKQybOLT.gif

Moon

Moon

vip

Posts: 7441

Threads: 314

Joined: Aug, 2020

Reputation: 80

Replied

Did you ever find out why only my thread did that?

  • 0

Posts: 2100

Threads: 10

Joined: Sep, 2020

Reputation: 62

Replied

@Xero Hi /chars

  • 0

Discord : Doctor Doom#0550

TaxiDriver08

JustMarie

Posts: 1547

Threads: 39

Joined: Dec, 2020

Reputation: 6

Replied

console.warn("jon is our senpai and is caring about us!!")

 

OMFG THESE CODE BLOCKS ARE EVEN SECKSIERRR

  • 0

JustMarie#0709

 

Posts: 975

Threads: 34

Joined: Dec, 2016

Reputation: 108

Replied

@Moon Yeah. I explained it above.

The server would prematurely close an HTML tag due to the way the server inserts the code blocks.

  • 0

davidTube

not inactive

noticed

Posts: 1849

Threads: 88

Joined: Dec, 2018

Reputation: 56

Replied

ok, good to know

  • 0

Moon

Moon

vip

Posts: 7441

Threads: 314

Joined: Aug, 2020

Reputation: 80

Replied

@Xero

Yay now my thread has a mini WRD in it :3

  • 0

Ducxy

Eclipse Cheats, LLC.

vip

Posts: 679

Threads: 103

Joined: Mar, 2019

Reputation: 37

Replied

console.log("Very Informative!");
  • 0

JOSHMISTY

Advantages

Posts: 1019

Threads: 99

Joined: Jul, 2020

Reputation: 10

Replied

no idea what any of this is about but hello 

 

:DDD

  • 0

Posts: 725

Threads: 58

Joined: Feb, 2021

Reputation: 3

Replied

listen to jon man

  • 0

Added

@Xero

Fix wrd bot btw it is bugged i cant get the active forumer badge the bot is late

  • 0

no

Error: The signature must be between 3-200 characters
