Try clicking this link (the domain is codeforces.com)
How I discovered this
UPD: The bug is fixed now, however there's another (see the comment below)
# | User | Rating |
---|---|---|
1 | ecnerwala | 3648 |
2 | Benq | 3580 |
3 | orzdevinwang | 3570 |
4 | cnnfls_csy | 3569 |
5 | Geothermal | 3568 |
6 | tourist | 3565 |
7 | maroonrk | 3530 |
8 | Radewoosh | 3520 |
9 | Um_nik | 3481 |
10 | jiangly | 3467 |
# | User | Contrib. |
---|---|---|
1 | maomao90 | 174 |
2 | adamant | 164 |
2 | awoo | 164 |
4 | TheScrasse | 160 |
5 | nor | 159 |
6 | maroonrk | 156 |
7 | -is-this-fft- | 150 |
8 | SecondThread | 147 |
9 | orz | 146 |
10 | pajenegod | 145 |
Try clicking this link (the domain is codeforces.com)
I notice that any quotation mark in the title will make the part after it disappear.
UPD: The bug is fixed now, however there's another (see the comment below)
Name |
---|
Thanks for the super quick fix, but it's still impossible to preview a post with one of
<>"
in the title.That leads to another attack -- Click here. Similar to the previous attack, it only works when you're logged in.
(Source: Is escaping < and > sufficient to block XSS attacks? — Stack Overflow)