Try clicking this link (the domain is codeforces.com)
How I discovered this
UPD: The bug is fixed now, however there's another (see the comment below)
Try clicking this link (the domain is codeforces.com)
UPD: The bug is fixed now, however there's another (see the comment below)
| # | User | Rating |
|---|---|---|
| 1 | ecnerwala | 3648 |
| 2 | Benq | 3580 |
| 3 | orzdevinwang | 3570 |
| 4 | cnnfls_csy | 3569 |
| 5 | Geothermal | 3568 |
| 6 | tourist | 3565 |
| 7 | maroonrk | 3530 |
| 8 | Radewoosh | 3520 |
| 9 | Um_nik | 3481 |
| 10 | jiangly | 3467 |
| # | User | Contrib. |
|---|---|---|
| 1 | maomao90 | 174 |
| 2 | awoo | 164 |
| 2 | adamant | 164 |
| 4 | TheScrasse | 159 |
| 4 | nor | 159 |
| 6 | maroonrk | 156 |
| 7 | -is-this-fft- | 150 |
| 8 | SecondThread | 147 |
| 9 | orz | 146 |
| 10 | pajenegod | 145 |
Thanks for the super quick fix, but it's still impossible to preview a post with one of
<>"in the title.That leads to another attack -- Click here. Similar to the previous attack, it only works when you're logged in.
(Source: Is escaping < and > sufficient to block XSS attacks? — Stack Overflow)