Belgium Discourse App
-
Populating a page with untrusted 3rd party content. What could possibly go wrong with that?
I missed out on all the "let's fuck up Dreckpore" threads. Did anyone manage to completely break / troll with / otherwise abuse One Broccoli?
-
I don't think you missed all of them, I mean it's still a running joke around these parts, and it hasn't reached the point of being a meme from TDWTF past yet.
-
@Lorne_Kates said:
Did anyone manage to completely break / troll with / otherwise abuse One Broccoli?
@ben_lubar managed to inject CSS using it.
Other than that, it's easy to break, but I don't remember any other abuse cases off the top of my head.
-
This isn't a major thing but watching a oneboxed youtube video in full-screen is pretty nasal demony. Sometimes it'll scroll the thread somewhere random, sometimes it won't play at all.
-
@ben_lubar's XSS with the One Box for that code website is the one I'm thinking of.
-
You mean the fa-spin with github? I don't recall doing any XSS with a code website, although I do remember someone posting some javascript that executed in a frame.
-
Sorry - getting them confused.
Your Github thing, and @Maciejasjmj's CodePen fun.
-
Ooh, looks like someone dejeffed the cross-thread indicators:
Thanks, whoever did that! (@PJH?)
-
Yup, it's now in TDWTF default CSS.
Some discussion on the looks is still conducted here: http://what.thedailywtf.com/t/re-adding-inbound-outbound-arrows-was-css-middle/48221
-
Yup, it's now in TDWTF default CSS.
Is there anywhere that indicates which CSS you're using?
Oh, I guess a little * in front of it in the dropdown menu under your avatar in the title bar.
-
Oh, I guess a little * in front of it in the dropdown menu under your avatar in the title bar.
Yes.
-
Ooh, looks like someone dejeffed the cross-thread indicators:
It's nice how we went in our efforts from "improving Discourse" (raw button, for example) to "unfucking the fuckups Discodevs do" (round avatars, arrows, etc...).
-
It's nice how we went in our efforts from "improving Discourse" (raw button, for example) to "unfucking the fuckups Discodevs do" (round avatars, arrows, etc...).
Yeah... At least those fuckups are restoreable with liberal application of CSS, instead of the "the feature you liked has been removed at the code level, but that's ok, because liking that feature is Doing It Wrong" that has happened before...
-
Yeah, but normally people try to draw extra customers by adding features, not removing them.
-
You're talking about "normally" in a Discourse context. Have you the brainworms‽
-
Oh, I guess a little * in front of it in the dropdown menu under your avatar in the title bar.
When I don't screw up and copy/paste over the wrong bits of
</head>
in /admin/customize/css_html, yes.