It is well known* that you can insert somewhat arbitrary HTML into your CF blog or comment and Codeforces will happily render it, but it was only today that I learned you can do this in blog titles too!
I'm sure this is a perfectly sensible and reasonable feature that cannot be abused
| № | Пользователь | Рейтинг |
|---|---|---|
| 1 | tourist | 3690 |
| 2 | jiangly | 3647 |
| 3 | Benq | 3581 |
| 4 | orzdevinwang | 3570 |
| 5 | Geothermal | 3569 |
| 5 | cnnfls_csy | 3569 |
| 7 | Radewoosh | 3509 |
| 8 | ecnerwala | 3486 |
| 9 | jqdai0815 | 3474 |
| 10 | gyh20 | 3447 |
| Страны | Города | Организации | Всё → |
| № | Пользователь | Вклад |
|---|---|---|
| 1 | maomao90 | 174 |
| 2 | awoo | 164 |
| 3 | adamant | 163 |
| 4 | TheScrasse | 159 |
| 5 | nor | 157 |
| 6 | maroonrk | 156 |
| 7 | -is-this-fft- | 152 |
| 8 | Petr | 146 |
| 8 | orz | 146 |
| 10 | BledDest | 145 |
One might even say it's a sus feature
... sorry, I'll leave.
mohagus
It seems there's some sort of filter, <script> and stuff don't work. But embeds do work:
lol it's funny how the image expands with the spoiler
It just is
My Blogs after this learning it..
Please don't show this to anyone :)
Preview:
Full:
Edit : nice feature and also it seems like when you try to write XSS script in js, it removes some dangerous codes while rendering it
InnerHTML has nothing to do with this.
There is definitely some sanitization going on, e.g. you can't use a
<script>tag. But it seems there was a conscious decision to allow most HTML, possibly they decided Markdown wasn't sufficient.