More Discoparser Tomfoolery
-
Golfed:
**<abbr=":hanzo:*\**<**
<abbr="*<Original
**<abbr title=":hanzo:*\**">HTFY</abbr>**
HTFY
<img src=
Okay, I was trying to type "
<img src=
???" But then I got whatever that 769c` is. I don't know. Yay, a third bug! What the actual fuck! Turns out anything you type after the **<abbr title=":hanzo:*\**">HTFY</abbr>**
line becomes some weird hash-part. And if you type anything else on the same line, it also breaks. I'm pretty sure there's some XSS vector here somewhere...
Anyways...what the fuck is any of this?
-
HTFY
This is an additional line<img src=" anything you put in the code bit here breaks and also changes that weird
``hash output`
-
Nested quotes are broken, too:
nested quote 1
bla blanested quote 2
bla bla some moreYay, incorrect renderings.
-
@rc4 said:
hash output
No, you just have to format them correctlyThey only work if you format them properly. ;)
-
<img src="http://d0od.wpengine.netdna-cdn.com/wp-content/uploads/2012/08/favicon.png" title="
Make any image an emoji with this simple hack!
Step 1: Type
<img src="
and paste in your URL.
Step 2: Close the quotes.
Step 3: Make the image title attribute any emoji. Leave off the ending quotation mark, and don't close the tag.
Step 4: ???
Step 5: Profit!
Example:
<img src="http://d0od.wpengine.netdna-cdn.com/wp-content/uploads/2012/08/favicon.png" title=":small_blue_diamond:
-
I think this can be shortened a bit
- Do anything that results in any special Discomarkup (like [poll])
- Add some html with an unclosed attribute
- [poll]
- a
- <abbr title="
[/poll]
3. [poll] - a - <abbr title=" [/poll]
Edit: I just realized that in the emoji variant, steps 1 and 2 are reversed.
-
Oh, look, someone is still toying with the discohash. Because that never gets old.
After all, it's only been like 6 weeks since the last one of these topics died out.
-
A single nested quote works fine. Multiple child quotes within one parent quote is what's broken.
Multiline code in a quote block sometimes goes wrong, too.
-
Oh, heaven forbid you see another topic about how discourse is broken. Too bad Jeff himself reads each and every letter of every post in every topic to you, and provides no ways to shut him up.
-
Oh, heaven forbid you see another topic about how discourse is broken
It's not another topic about how discourse is broken. It's another topic about the same bug. Again.
At least come up with something new.
-
Except different. Again. With different sub-bugs. Again. Just because it makes discourse spit out a hash doesn't mean it doesn't do other stupid things, which this one clearly does.
-
-
Make any image an emoji with this simple hack!
Could you not just add class='emoji' to the <img> markup?
-
Except different. Again. With different sub-bugs. Again. Just because it makes discourse spit out a hash doesn't mean it doesn't do other stupid things, which this one clearly does.
Everything you've posted in this thread is covered by the scenarios in the thread I linked. Just look at the introduction of censored words if you don't believe me.
-
Yeah, but I don't even know how discourse gets class="emoji" from title=":smile:"
-
-
Except it's not, why don't you go moan elsewhere about something that makes no sense whatsoever? This one even has the cool thing where you can make DiscoParser hash arbitrary MD5 strings and try to insert HTML tags into abbreviations.
-
Yeah, but I don't even know how discourse gets class="emoji" from title=""
Regex, if I had to hazard a guess....
-
-
I dunno, I see no _ in the first one (which is required for the second one), and I see no <small>, and I see no censored words.
You also ignore the fact that it introduces several new behaviors that I've mentioned previously.
-
I was going to post something else but while posting that I encountered this:
[<img title=](http://google.com)
which (at least in preview) leaves you with an unclosed link that takes over the rest of your post.
Edit: hahaha did I say unclosed? I meant it re-opens a new link for every paragraph:
-
This is fun!
-
Oh that's fantastic
-
I see no _ in the first one (which is required for the second one)
Here, no underscore:
*belgium
I see no <small>, and I see no censored words.
So they are different approaches to the same bug? Ok …
You also ignore the fact that it introduces several new behaviors that I've mentioned previously.
The new behaviors are merely side effects of the HTML that you chose to use for this particular implementation of the bug. Let's look at the "behaviors" you mentioned:
you can make DiscoParser hash arbitrary MD5 strings
Wut? Each of your examples consists of the MD5 hash for the asterisk. Where are the "arbitrary" MD5 strings? You want arbitrary, I give you the MD5 hash for an underscore:
__s _e
By your logic, this is a new bug. So that means I can take each of the asterisk based MD5 "bugs", replace the asterisks with underscores and claim a new bug!
<abbr="_<
<sarcasm>Another new bug! Score!</sarcasm>
Of course, that's bullshit, and so is your claim that you can hash arbitrary MD5 strings.
try to insert HTML tags into abbreviations.
I'm guessing you mean the bit about
HTFY
Key word: "try". First off, the HTML spec doesn't allow the use of tags within the abbr tags. Do you even know why it failed? Probably not. The reason, dear boy, has to do with the double quotes. Based on the output, it looks like the DiscoParser first has fun with the hash, which would give us something like:
<b><abbr title=":hanzo:*9dae361af79b04c9c8e7057f60cc6*">HTFY</abbr></b>
Then, the DiscoParser works on the :hanzo:, which gives us:
<b><abbr title="<img src="/uploads/default/_emoji/hanzo.png?v=0" title=":hanzo:" class="emoji" alt=":hanzo:">*9dae361af79b04c9c8e7057f60cc6*">HTFY</abbr></b>
After that, the HTML "cleanup" happens. It sees the matching quotes around <img src=, so that gets kept. The DiscoParser apparently has trouble parsing the rest of /uploads/default/_emoji/hanzo.png?v=0" title=":hanzo:" class="emoji" alt=":hanzo:", so it gets blocked by the HTML whitelist. That leaves:
<b><abbr title="<img src=">*9dae361af79b04c9c8e7057f60cc6*">HTFY</abbr></b>
Which renders as:
9dae361af79b04c9c8e7057f60cc6">HTFY
and is identical to:
HTFY
In short, your "attempt" is not a bug of its own.
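The pass ordering described in the post above, as an added example that is not part of the thread and is not Discourse's code: an emoji regex run over already-serialized markup also fires inside the `title` attribute and ends it early, while a pass that substitutes only in text nodes leaves the attribute intact. The function names, the `/emoji/` path and the sample string are assumptions made for the illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

EMOJI = re.compile(r":([a-z0-9_+-]+):")

# Constructed input, modelled on the <abbr> markup quoted in the post.
SAMPLE = '<b><abbr title=":hanzo:">HTFY</abbr></b> and :hanzo: in text'

def emoji_img(match):
    # Hypothetical emoji markup; the /emoji/ path is an assumption.
    name = match.group(1)
    return (f'<img src="/emoji/{name}.png" title=":{name}:" '
            f'class="emoji" alt=":{name}:">')

def naive_emoji_pass(html):
    """Regex over the serialized markup: it also fires inside attribute
    values, so the inserted double quotes end the attribute early."""
    return EMOJI.sub(emoji_img, html)

class _TextNodeEmoji(HTMLParser):
    """Re-serializes tags unchanged and substitutes only in text nodes.
    Comments and doctypes are dropped, which is acceptable for this sketch."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
    def handle_starttag(self, tag, attrs):
        rendered = "".join(
            f" {k}" if v is None else f' {k}="{escape(v, quote=True)}"'
            for k, v in attrs)
        self.out.append(f"<{tag}{rendered}>")
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(EMOJI.sub(emoji_img, data))
    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def safe_emoji_pass(html):
    parser = _TextNodeEmoji()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

if __name__ == "__main__":
    print(naive_emoji_pass(SAMPLE))
    print(safe_emoji_pass(SAMPLE))
```

The naive output begins `<b><abbr title="<img src="`, the same prefix the post traces; a whitelist run afterwards sees an attribute that already closed at that point.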
-
Where are the "arbitrary" MD5 strings? You want arbitrary, I give you the MD5 hash for an underscore:
https://what.thedailywtf.com/t/more-discoparser-tomfoolery/54335/2?u=rc4
HTFY
stuff at the beginnin<img src=" see abarker? wtf
HTFY
stuff at the beginnin<img src=" see abarker? wtf 22222
HTFY
even more?<img src=" see abarker? wtf9
-
*\\*\\****
body
-
_____*belgiums_testing___
I have improved on my methods!
-
-
It's not another topic about how discourse is broken. It's another topic about the same bug. Again.
At least come up with something new.
Here's the deal - we'll start coming up with new bugs once they fix this one. Okay?
Filed under: don't hold your breath
-
Here's the deal - we'll start coming up with new bugs once they fix this one. Okay?
But … But that would require someone telling them about it! Again!