How about this? Sidebar <audio src="http://soundjax.com/reddo/ 64951%5Ecddyhorn.mp3" controls autoplay></audio>
-
If this works too, we're all doomed.
-
I hate you so much right now :D
-
Well that was beautiful.
-
Because I am a just and noble ruler, I have edited the title to remove the 'loop' keyword.
You are all welcome.
-
Still hating you so much (but maybe a little less :D)
-
And let it be known, in year 2x10^3 + 14, after the great cloud of tags was destroyed, and after the death of the Great Signature Guy, that the TDWTF community was once again delivered into fuckupedness by the mighty audio tag, and @subscript_error was its prophet.
-
Standing on the shoulders of giants, really. I was in the middle of trying to break my usercard again when I saw that @Kuro and @Maciejasjmj had found an alternate way in.
We can all share the prize money.
-
I wanna thank @codinghorror and @sam for making this possible! We could have never done it without them!
-
Ugh. Yeah, the culprit here is that for a long time we blindly stripped html tags from topic titles. This prevented a lot of potential xss but it also meant that you could not talk about html tags in legit topics.
It was only recently that we lifted that restriction, so this meant that html tags in titles didn't get adequately tested, obviously. This is our bad. @eviltrout is around so he can deploy a fix.
-
How is there any potential XSS if you always encode the title wherever you output it? What am I missing here?
-
Here is the log, we only allowed html tags in titles starting in mid April
https://meta.discourse.org/t/cannot-put-html-tag-in-topic-title/9111/12?u=codinghorror
Obviously we did not test tags in titles adequately after that.
-
Ok should be all fixed up. Sorry about that and thanks for the repro.
-
The original bug with the sidebar is still happening:
http://what.thedailywtf.com/t/sidebarwtfs-are-not-sanitized-for-mainpage/887/
Or does the fix not affect already posted posts? Or does it sanitize on view?
-
Well we don't have access to the WTF main page code, that sanitization should happen on @apapadimoulis's side. But we both had a severe bug related to this, obviously, now I am letting him know.
-
Ok should be all fixed up.
Feature request: add the functionality back for this forum. We need an XSS exploit.
Also, I wonder why nobody from the front page has yet complained... To someone not in the know, that must be weird.
-
I take it that right now, the reason we're not all putting audio tags in our signatures, playing tunes such as 'right now' by Korn, is because we're nice.
-
a) we don't have signatures
b) the exploit has been fixed (with one minor exception)
c) Wouldn't that be illegal anyway? I don't think anybody here wants to create legal problems
d) Why am I using letters as bulletpoints? I dunno
e) You can be the first to find another exploit and try to put music in there, though
Filed under: The best plan apparently is to break things until they are shaped the way you want them to
-
If only you guys had the ability to remove picture from posts or something like that (looking at that other topic I replied to :D)
Actually there are boards out there that allow signatures that only show on the first / last post on said page (in this case topic) AND if you save them separately you might even give users the option to turn them off. This may sound like I care deeply for signatures when really I am just bored enough to defend random things on this board :D
Filed Under: Isn't this another one of these "Every Community has different requirements" type of things?
-
I'm actually on the fence about signatures, whether they should be part of a modern forum system or not. Certainly it's a typical expectation but they are often so badly abused it's not even funny. Last time I thought about that kind of thing, I actually set up the warning system specifically so moderators could easily issue warnings to users about their signatures and hide them from the public for a period of time (giving the offender chance to change their signature to be less unpleasant)
-
An interesting side note, we deployed this "signature" thingy at falksy to great success (shipped via plugin):
People love it and it's a form of signature with tight restrictions.
-
I wanted to reply with "WhyWasIBanned.com" but that site went out of business a while ago.
You might find it with some internettimemashine or whatever you fancy. It was basically a site about people complaining about being banned from XBox-Live after breaking the rules ~10000 times. It was almost as hilarious as this but with the added bonus of whining.
Your post made me think of this!
Filed under: Let's derail this topic even more! The Original Topic doesn't work anymore anyway!
-
Slow page is very slow.
I don't get it... I'm assuming you mean the shopping cart icon with the name after it, but that's really not the same as a forum signature.
-
I'm assuming you mean the shopping cart icon with the name after it, but that's really not the same as a forum signature.
It is performing one of the roles that signatures often fill. (or pretty much exclusively filled in said community)
-
Usually the things you inbox are actually relevant to what you stated. Now I know that something about google+ and Gmail is happening and stuff... but there is no mention of Signatures anywhere. You should have used a Post where people were singing and dancing for getting Signatures!!!
0/10 try again next time
Filed Under: Always typing "Filed Under: " and using the brackets is so hard!
-
Signatures perform two roles in forum communities: self expression or self promotion. Sometimes both at once. The example you gave is one of self promotion but in an automated fashion that will tend towards being ignored because it will end up blending in with the page flow.
-
I would accept no signature if there was an easy "add stupid tags nobody needs"-field somewhere in the reply-box
Because that is how signatures on TDWTF are usually handled anyway!
-
TDWTF's community is the RWTF in this circumstance (booo! booo!) because of the whole meta thing about abusing tags in CS and what amounts to a per-post signature rather than a per-user signature.
For reference, on one forum, my signature is a key verse from a Marillion song summing up my feelings towards them.
Filed under: Can we say 'passive aggressive'?
-
the whole meta thing about abusing tags in CS and what amounts to a per-post signature rather than a per-user signature.
CS tags on TDWTF were hashtags before there were hashtags.
Filed Under: Anti-diplomacy
-
It was hipster now it's mainstream and therefore no longer cool, got it.
-
They're totally retro now. Try to keep up.
-
@codinghorror it's still unsanitized in the first post's history viewer.
-
I'm sad I missed this.
-
You could make a SignatureBot that immediately replies to every post you make. And when you want to change your signature, it just edits all its posts.
-
That seems drastic and smart at the same time. However I would expect it to also become a TDWTF story despite the ingenuity involved.
-
If I could do that, wouldn't it be smarter to just program a plugin for Discourse, send it to apapadimoulis and wait until he includes it? He said, he'd include everything
Filed Under: Not that I'd ever seen RoR-code outside of TDWTF
-
I just deployed a fix for this, such a great catch. Surprisingly stuff was escaped and then being unescaped by an html parser on the server side.
-
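The failure mode described in the last post (text escaped once, then unescaped again by a server-side HTML parser), and the output encoding asked about earlier in the thread, as an added example that is not part of the thread and not Discourse's code. `parsed_text`, `render_title_buggy` and `render_title_fixed` are hypothetical names, `parsed_text` is a hand-written stand-in for a real parser's text extraction, and the sample title is constructed.

```ruby
require 'erb'

# Character references a parser decodes when it builds text nodes.
ENTITIES = { 'lt' => '<', 'gt' => '>', 'amp' => '&',
             'quot' => '"', 'apos' => "'" }.freeze

# Hypothetical stand-in for "run the stored title through an HTML parser and
# take its text": numeric and named references come back as raw characters.
def parsed_text(html)
  html.gsub(/&(?:#(\d+)|#x(\h+)|([a-z]+));/i) do
    if $1    then [$1.to_i].pack('U')
    elsif $2 then [$2.hex].pack('U')
    else ENTITIES.fetch($3.downcase, $&)
    end
  end
end

# Buggy pipeline: escape at input, round-trip through the parser, emit as-is.
def render_title_buggy(raw_title)
  stored = ERB::Util.html_escape(raw_title) # looks safe at this point
  text   = parsed_text(stored)              # parser silently undoes the escaping
  "<h1>#{text}</h1>"                         # markup reaches the page live
end

# Fixed pipeline: parser output is untrusted plain text, so encode it again
# at the point where it is written into HTML.
def render_title_fixed(raw_title)
  stored = ERB::Util.html_escape(raw_title)
  text   = parsed_text(stored)
  "<h1>#{ERB::Util.html_escape(text)}</h1>"
end

# Constructed sample title, modelled on the kind of tag used in this thread.
TITLE = 'How about this? <audio src="x.mp3" controls autoplay></audio>'

puts render_title_buggy(TITLE) # tag survives intact
puts render_title_fixed(TITLE) # tag is rendered as visible text
```

The escaping step is correct in both versions; what differs is whether the value is encoded at the last step before it is written into the page.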