Post history preserves sanitization errors
-
Continuing the discussion from The "fa-spin" Testing Thread:
@faoileag said:
bowser
For example, click the edit pencil on the linked post by @zecc
You can still see the fa-spin!
Obligatory @discoursebot
-
Even better: it happens at the edge of the window!
-
This one is even better
-
This is brilliant. If it gets fixed it's your fault though
-
I'm... not even sure if I should report it. It's not even remotely close to exploitable...
-
First, to see if we can trigger it with new posts:
Outside the -edit window yet? No
Now? What? How long is this window? Finally!
OK, I need a new diff… this should do…
-
No but it's amusing at least.
-
Too bad I can't revive that one iframe by viewing edit history ...
-
OK, it's not exploitable with new posts; guess the changes made to the baking do apply to the diffs after all. Well, those created after the changes were applied, anyway.
-
Yeah, looks like post histories never get rebaked
-
You could have linked to the post directly. Scrolling down takes work, you know?
But great find.
-
You know what this means, don't you?
Now every time we find some funny abuse, we have to make at least one edit so it can be preserved.
-
+