Discoursistent polls
-
[poll]
- something?
[quote="sloosecannon
, post:46, topic:48459"] Quote majiks[/quote] - yes?
[/poll]
- something?
-
Someone else voted and...
-
Quotes apparently asplode polls...
[poll] -foo -foo2 [/poll]
, post:46, topic:48459 said:Quote majiks
And trying to use quote majiks asplode polls and quotes too
-
[poll]
- option
option2
- HI!
[/poll]
That's fantastic
-
[poll]
- option
[poll]
- option
option2
[/poll]That's fantastic
[/quote]Damn it, baking "fixes" it
-
[poll name=
]- hello
- world
[poll]
- hello world?
- Hello!
[/poll] - hello world!
[/poll]
-
LOL WTF?
Copy raw to see what I thought it would look like
-
...where did "hello world!" even go?
-
Good question.
-
Also, XSS achieved
-
[poll]
- small
[/poll]
Damn max height. To be nice, I'll shrink the image some.
-
[poll]
-
Vote
-
Vote here
[/poll]
-
-
[poll]
- outer option
- dummy [poll name=flargle]
- inner option
- another inner option
- more dumminess [poll name=blargle]
- an inner inner option
- another inner inner option
- breakage [/poll]
- [/poll]
[/poll]
Alright -- I can create nested polls in preview (show raw for how), but they Discobake to one poll. Interesting...
-
I can create nested polls
[poll name=outer]- 1
-
<script>alert("hi!")</script>Foo!
- 2
- 3
No, they don't behave anywhere near what you'd expect them to. Not sure what to expect in the first place though...
-
[quote="
"]Foo!- 1
- 2
test
[/quote]<a
- 1
-
Shit, I thought those were screenshots. But they're actual polls. What?
-
]- an option
- another option
[/poll]
-
What was your intent, and did you succeed?
-
[poll name=<script>=lert("uh oh");</script>]
- an option
- another option
[/poll]
-
[poll name=<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>]
- an option
- another option
[/poll]
-
[poll name="style=&{alert('XSS')]
- an option
- another option
[/poll]
-
[poll name="]
- an option
- another option
[/poll]
-
Heh you're really trying hard, aren't you?
You're aware I already found something, right? :P
-
[poll name="style=brouhaha"]
- an option
- another option
[/poll]
-
[poll name="&>>&<<script&>>]
- an option
- another option
[/poll]
-
[poll name="<>&<;<script>alert("ohno");//&<</script&>>]
- an option
- another option
[/poll]
-
[poll name="&>>&<<script>alert("ohno");//&<</script&>>]
- an option
- another option
[/poll]
-
[poll name="<>�<script>alert("ohno");//&<</script&>>]
- an option
- another option
[/poll]
-
[poll name="<><<script>alert("ohno");//<</script><:<div ]
- an option
- another option
[/poll]
-
if it's broken our customers will tell us!
My users tell me that the program is really great and then I look at what they're doing and my program is doing something really stupid and broken in response to their actions. Like throwing them down an elevator shaft because they pressed against a wall.
-
[poll name="<=]
- an option
- another option
[/poll]
-
[poll name="&>>&<<script>alert("ohno");//&<</script&>>] - an option - another option [/poll]
This is the closest I've come to an XSS so far -- the Discobaker actually gets fooled into letting the tags into the cooked post, but Chrome's parser gets lost in the swamp of bogus entities and doesn't see them.
-
[poll name=]
- Â
- Â
- Â Â
- Â Â
- Â Â Â
- Â Â Â
[/poll]
-
Nope... I've been bitten by that issue before. Chrome's dev-view display "helpfully" turns html entities into the proper characters, hiding the fact that everything's actually escaped :P
-
Chrome's dev-view display "helpfully" turns html entities into the proper characters, hiding the fact that everything's actually escaped
Oh...laughs silly dev display
-
Yup, been there, stupided that, got the T-shirt
-
@accalia said:
if it's broken our customers will tell us!
My users tell me that the program is really great and then I look at what they're doing and my program is doing something really stupid and broken in response to their actions. Like throwing them down an elevator shaft because they pressed against a wall.
they're not complaining though so: WONTFIX-NOREALUSERCOMPLAINT
:-P
-
My users tell me that the program is really great and then I look at what they're doing and my program is doing something really stupid and broken in response to their actions. Like throwing them down an elevator shaft because they pressed against a wall.
Sounds like they're afraid of what you'll do to them if they actually complained.
-
I can haz big texts? Let's see if this renders like preview claims it will!
-
<script>alert("xss?");</script>- Hello
- <script>alert(xss?);
-
I can't decide!
-
<script>alert("xss?");</script>- Hello
- There<script>alert('xss?');</script>
I wonder...
-
Damn, can't hijack another poll... Also it hides all content after the poll.
Edit: no, that was me doing something wrong, content is there
-
Ok, last one because I forgot to test this:
Pick one! Really. Oh come on already. ```- Hello
- There</script>
View raw for extra WTFery. Copy and remove backticks for bonus mindfuck.
-
The `height: 2.3em` style is removed in master, which will remove the signature guy shenanigans. Though it should probably be `min-height: 2.3em;`
ping @zogstrip
-
This is great. Takes me right back to the Community Server days.