1. Home
  2. Categories
  3. Meta
  4. Bugs
  5. Discoursistent polls

Discoursistent polls

"]

test
[/quote]

<a

  • 1
1
  • ben_lubar

    Shit, I thought those were screenshots. But they're actual polls. What?

    5
  • tarunik

    ]
    • an option
    • another option
      [/poll]
    0 sloosecannon 1 Reply
  • sloosecannon
    :belt_onion:

    What was your intent, and did you succeed?

    0 tarunik 1 Reply
  • tarunik

    [poll name=<script>=lert("uh oh");</script>]

    • an option
    • another option
      [/poll]
    0 tarunik 1 Reply
  • tarunik

    [poll name=<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>]

    • an option
    • another option
      [/poll]
    0 tarunik 1 Reply
  • tarunik

    [poll name="style=&{alert('XSS')]

    • an option
    • another option
      [/poll]
    0 tarunik 1 Reply
  • tarunik

    [poll name="]

    • an option
    • another option
      [/poll]
    0 sloosecannon 1 Reply
  • sloosecannon
    :belt_onion:

    Heh you're really trying hard, aren't you?
    You're aware I already found something right? :P

    0 tarunik 1 Reply
  • tarunik

    [poll name="style=brouhaha"]

    • an option
    • another option
      [/poll]
    0 tarunik 1 Reply
  • tarunik

    [poll name="&>>&<<script&>>]

    • an option
    • another option
      [/poll]
    0 tarunik 1 Reply
  • tarunik

    [poll name="<> &<;<script>alert("ohno");//&<</script&>>]

    • an option
    • another option
      [/poll]
    0 tarunik 1 Reply
  • tarunik

    [poll name="&>>&<<script>alert("ohno");//&<</script&>>]

    • an option
    • another option
      [/poll]
    0 tarunik 1 Reply
  • tarunik

    [poll name="<>�<script>alert("ohno");//&<</script&>>]

    • an option
    • another option
      [/poll]
    0 tarunik 1 Reply
  • tarunik

    [poll name="<><<script>alert("ohno");//<</script>&lt:<div ]

    • an option
    • another option
      [/poll]
    0 tarunik 1 Reply
  • ben_lubar

    @accalia said:

    if it's broken our customers will tell us!

    My users tell me that the program is really great and then I look at what they're doing and my program is doing something really stupid and broken in response to their actions. Like throwing them down an elevator shaft because they pressed against a wall.

    7 accalia boomzilla 2 Replies
  • tarunik

    [poll name="<=]

    • an option
    • another option
      [/poll]
    0 tarunik 1 Reply
  • tarunik 

    [poll name="&>>&<<script>alert("ohno");//&<</script&>>]
- an option
- another option
[/poll]

    This is the closest I've come to an XSS so far -- the Discobaker actually gets fooled into letting the tags into the cooked post, but Chrome's parser gets lost in the swamp of bogus entities and doesn't see them.

    0 sloosecannon 1 Reply
  • ben_lubar

    [poll name=]

    • ­
    • ­
    • ­ ­
    • ­ ­
    • ­ ­ ­
    • ­ ­ ­
      [/poll]
    0
  • sloosecannon
    :belt_onion:

    Nope... I've been bitten by that issue before. Chrome's dev-view display "helpfully" turns html entities into the proper characters, hiding the fact that everything's actually escaped :P

    0 tarunik 1 Reply
  • tarunik

    @sloosecannon said:

    Chrome's dev-view display "helpfully" turns html entities into the proper characters, hiding the fact that everything's actually escaped

    Oh...laughs silly dev display

    2 sloosecannon 1 Reply
  • sloosecannon
    :belt_onion:

    Yup, been there, stupided that, got the T-shirt

    0
  • accalia
    FoxDev

    @ben_lubar said:

    @accalia said:
    if it's broken our customers will tell us!

    My users tell me that the program is really great and then I look at what they're doing and my program is doing something really stupid and broken in response to their actions. Like throwing them down an elevator shaft because they pressed against a wall.

    they're not complaining though so: WONTFIX-NOREALUSERCOMPLAINT

    :-P

    2
  • boomzilla
    ♿ (Parody)

    @ben_lubar said:

    My users tell me that the program is really great and then I look at what they're doing and my program is doing something really stupid and broken in response to their actions. Like throwing them down an elevator shaft because they pressed against a wall.

    Sounds like they're afraid of what you'll do to them if they actually complained.

    7
  • Onyx
    BINNED

    I can haz big texts? Let's see if this renders like preview claims it will!
    1 A 1 Reply
  • Onyx
    BINNED

    <script>alert("xss?");</script>
    • Hello
    • <script>alert(xss?);
    1
  • A

    I can't decide!

    1
  • Onyx
    BINNED

    <script>alert("xss?");</script>
    • Hello
    • There<script>alert('xss?');</script>

    I wonder...

    0 Onyx 1 Reply
  • Onyx
    BINNED

    Damn, can't hijack another poll... Also it hides all content after the poll.

    Edit: no, that was me doing something wrong, content is there

    0 Onyx 1 Reply
  • Onyx
    BINNED

    Ok, last one because I forgot to test this:

    Pick one! Really. Oh come on already. ```
    • Hello
    • There</script>

    View raw for extra WTFery. Copy and remove backticks for bonus mindfuck.

    0 riking 1 Reply
  • riking

    The height: 2.3em style is removed in master, which will remove the signature guy shenanigans. Though it should probably be min-height: 2.3em; ping @zogstrip

    0
  • N

    This is great. Takes me right back to the Community Server days.

    0
    • Log in to reply