Categories > WeAreDevs > Announcements >

There was never an XSS issue with the previous code blocks

WRD

admin

Posts: 992

Threads: 34

Joined: Dec, 2016

Reputation: 104

Posted

You used to be able to create code blocks by enclosing text between two sets of three backticks "```". There was a bug with the implementation that sometimes caused a page to display a bit funky. People confused this for an XSS vulnerability. I want to say that there was no XSS vulnerability. The real cause was that the server would prematurely close an HTML tag due to the way the server inserts the code blocks. It was a semantics issue. There was no way to insert Javascript code as a result of this bug.

 

I've removed the old implementation of code blocks because I saw that the editor had a plugin that already implements code blocks. This spared my time of needing to fix the bug. It also implemented code blocks way better.

 

If I'm wrong and someone has proof that it caused XSS issues, then please let me know. Otherwise, I'm absolutely confident that the previous code block implementation issue was just a visual bug.

  • 0

https://cdn.wearedevs.net/images/icons/youtube.png Coding Tutorials  https://i.imgur.com/z8bRyw3.png Blog

eb_

Formally known as Shade

vip

Posts: 1044

Threads: 4

Joined: Jun, 2020

Reputation: 44

Replied 

print("very poggers")

https://i.gyazo.com/18ca88edbb1c5917deae116065088a21.png

 

was this u mean? (thanks to david btw)

  • 0

https://media.discordapp.net/attachments/1010636204225601659/1012865624797610044/sKQybOLT.gif

Monkey_D_Luffy

cool kid

noticed

Posts: 688

Threads: 66

Joined: Jun, 2020

Reputation: 35

Replied

I failed🥺🥺🥺🥺🥺😭😭😭😭😪😓😓😢😢

Content length must be 10-5000 chars

 

  • 0

https://linktr.ee/WeAreDevs for help with exploits or guides on the forum.

WRD

admin

Posts: 992

Threads: 34

Joined: Dec, 2016

Reputation: 104

Replied

@eb_ No, but I guess I'll look into that visual bug too. Thanks for the report.

  • 0

https://cdn.wearedevs.net/images/icons/youtube.png Coding Tutorials  https://i.imgur.com/z8bRyw3.png Blog

eb_

Formally known as Shade

vip

Posts: 1044

Threads: 4

Joined: Jun, 2020

Reputation: 44

Replied

@WRD alright good luck

  • 0

https://media.discordapp.net/attachments/1010636204225601659/1012865624797610044/sKQybOLT.gif

Moon

Moon

vip

Posts: 7405

Threads: 314

Joined: Aug, 2020

Reputation: 77

Replied

Did you ever find out why only my thread did that?

  • 0

https://media.discordapp.net/attachments/769721958426083333/958120051641294848/moonBanner_2.png

0x777_

.

noticed

Posts: 2086

Threads: 10

Joined: Sep, 2020

Reputation: 59

Replied

@WRD Hi /chars

  • 0

Discord : Doctor Doom#0550

TaxiDriver08

JustMarie

Posts: 1545

Threads: 39

Joined: Dec, 2020

Reputation: 6

Replied 

console.warn("jon is our senpai and is caring about us!!")

 

OMFG THESE CODE BLOCKS ARE EVEN SECKSIERRR

  • 0

JustMarie#0709

 

WRD

admin

Posts: 992

Threads: 34

Joined: Dec, 2016

Reputation: 104

Replied

@Moon Yeah. I explained it above.

The server would prematurely close an HTML tag due to the way the server inserts the code blocks.

  • 0

https://cdn.wearedevs.net/images/icons/youtube.png Coding Tutorials  https://i.imgur.com/z8bRyw3.png Blog

davidTube

not inactive

noticed

Posts: 1848

Threads: 88

Joined: Dec, 2018

Reputation: 54

Replied

ok, good to know

  • 0

https://cdn.discordapp.com/attachments/800294579856605204/923255471358504980/rsz_2bannersiggy.png

Moon

Moon

vip

Posts: 7405

Threads: 314

Joined: Aug, 2020

Reputation: 77

Replied

@WRD

Yay now my thread has a mini WRD in it :3

  • 0

https://media.discordapp.net/attachments/769721958426083333/958120051641294848/moonBanner_2.png

Ducxy

Eclipse Cheats, LLC.

vip

Posts: 678

Threads: 103

Joined: Mar, 2019

Reputation: 35

Replied 

console.log("Very Informative!");

  • 0

https://cdn.discordapp.com/attachments/843640484336500779/920762891588751440/banner2.png

JOSHMISTY

Advantages

Posts: 1016

Threads: 99

Joined: Jul, 2020

Reputation: 10

Replied

no idea what any of this is about but hello 

 

:DDD

  • 0

https://e-z.bio/advantages

https://www.youtube.com/@AdvantagesYT

 

timegoesbyfast

idfk

Posts: 724

Threads: 58

Joined: Feb, 2021

Reputation: 3

Replied

listen to jon man

  • 0

Added

@WRD

Fix wrd bot btw it is bugged i cant get the active forumer badge the bot is late

  • 0

no

Error: The signature must be between 3-200 characters

Users viewing this thread:

( Members: 0, Guests: 1, Total: 1 )