Is it possible to link to a specific point in a user's post?
-
Just out of curiosity, is it possible to link to a specific point of a user's post?
-
http://what.thedailywtf.com/t/is-it-possible-to-link-to-a-specific-point-in-a-users-post/1213#anchor
Did I create a bug with my 'Anchor test' link?
-
-
Well. That was disappointing.
[testing]
Filed under: Hey, guys, I got Ellipsis working.
[More testing]
http://en.wikipedia.org/wiki/...?/../Topic
-
From my previous testing, it appears Discurse strips id attributes from <a> tags.
-
He was using the name attribute.
-
He was using the name attribute.
So I read in the bug topic, after I posted that here.
-
Just some more testing.
Pasting random xss scripts
[@\..asdf..\@]
-
There's no way that script was working.
Even a first time forum creator stops that as his first line defense!
Pasting random xss scripts
hello you
Pasting random xss scripts
Click Me
Pasting random xss scripts
Click Me
Quoted for posterity
-
What a load, image previewer...
Why no data:image support? :(
faildot
-
There's no way that script was working.
Even a first time forum creator stops that as his first line defense!
I thought that was precisely the point of TDWTF that way too many people don't stop XSS.
Did I mention I found two XSS holes in SMF this week, that have been there a decade? Albeit in a buried part of the admin panel but it wouldn't take a great difficulty in a little social engineering to compromise an admin account.
-
Just some more testing.
Pasting random xss scripts
[@\..asdf..\@]
There's a daily limit on edits. Hi.
-
I thought that was precisely the point of TDWTF that way too many people don't stop XSS.
I was only noting that @codinghorror and @sam might be smarter than your average TDWTF submission
-
Well, I can use the a href flag to go to google, so there's that.
-
<a href="http://what.thedailywtf.com/t/is-it-possible-to-link-to-a-specific-point-in-a-users-post/1213/11"><a href="google.com">where will this go?</a></a>
Interesting parsing result there.
It goes to neither. It makes a new broken anchor, woo!
-
Except for a forum software that accepts raw HTML without escaping it as we saw with a certain .dmg and the number of XSS issues found by this forum would suggest perhaps otherwise.
-
Except for a forum software that accepts raw HTML without escaping it as we saw with a certain .dmg and the number of XSS issues found by this forum would suggest perhaps otherwise.
I am disappoint son. Guess I missed that fun.
-
Especially with the <audio> tag in a title that caused fun in the Sidebar WTF bridge to TDWTF's front page, that was even funnier.
-
[@\..[@\..where will this go?..\@]..\@]
-
-
[@\..[@\..where will this go?..\@]..\@]
Apparently, it goes to two different locations
[@\.. goes to the original url
http://what.thedailywtf.com/t/is-it-possible-to-link-to-a-specific-point-in-a-users-post/1213/11
and the 'where will this go?' goes to the tracking error page.
/edit limit reached lol
-
http://what.thedailywtf.com/t/is-it-possible-to-link-to-a-specific-point-in-a-users-post/1213/22
This should change to be a forward anchor...?
-
Testing hypothesis.
-
http://what.thedailywtf.com/t/is-it-possible-to-link-to-a-specific-point-in-a-users-post/1213/22
This should change to be a forward anchor...?
http://what.thedailywtf.com/t/is-it-possible-to-link-to-a-specific-point-in-a-users-post/1213/21
http://what.thedailywtf.com/t/is-it-possible-to-link-to-a-specific-point-in-a-users-post/1213/22
Interesting, links to the same topic with future post items don't retroactively onebox, even if you go back and edit the original post, or add a new link.
-
reserved for @<canvas></canvas>darkmatter
-
reserved for @darkmatter
I like this better, no evidence left behind in the source codes.
<sub.a<label>wee</label>
-
Just curious if this does anything.
-
<footer id='footer'>Footer shenanigans?
</footer>
-
-
a worst mine ever? -->Great, I planted a dud
Even better, my dud can be convinced to be fixed by the editor's own power. Now I don't even have to futz with the HTML crap to get @mentions that don't @mention.
-
<img src='/uploads/default/2964/8214f61851707aee.gif' onmouseover="this.title='it is now ' + new Date()" onclick="alert('Rawr!') />
-
Even better, my dud can be convinced to be fixed by the editor's own power. Now I don't even have to futz with the HTML crap to get @mentions that don't @mention.
Oh. Well that's easy to do now that I know what it is.
eat it, @<canvas>darkmatter<canvas> @<canvas>Matches</canvas> @<canvas>sam</canvas> @<canvas>codinghorror</canvas>
@<canvas>darkmatter<canvas> Challenge: how long before someone else figures out the nonHTMLsplit landmine method?
-
[@\....\@]
This edit limit is killing me.
-
No, this isn't possible at the moment, but I do like the way GitHub documents automatically insert anchors/ids at each <h1>, <h2>, <h3> etc., for example https://github.com/discourse/discourse/blob/master/docs/INSTALL-digital-ocean.md#install-docker
-
Darkmatter, did you have the system flag me?
-
nope.
-
[@\....\@]
Reposting, just to see if it will do it again...
-
That is magic. What's it doing?
-
Is it just showing that the system is using an uploaded image from a source I pulled?
-
Yes. (in the /uploads folder)
-
That is significantly less magic.
-
Yes it is, @<canvas>Matches</canvas>
-
Don't you @Matches me @darkmatter
-
Alright - time to head out.
Enjoy buried challenge, I suspect it will be solved well before I get to a computer again.
-
I don't understand what that combination of words means.
-
-
It was a mention bomb. Which I detonated.
-
Pretty weak bomb.
See, my idea was to play ping pong post, where the only way to progress correctly through the thread is clicking on the post's anchor link.
-
Pretty weak bomb
The bomb itself wasn't the challenge, though the detonation is still enjoyed.
Burying @<canvas>Matches</canvas> in a post without HTML tags in the middle of the @mention's source when you view source is the challenge!
Hm.. what about a quote bomb? [<canvas>quote</canvas>]Pretty weak bomb[<canvas>/quote</canvas>]Can I get a woo woo?
Son of a bitch, @<canvas>codinghorror</canvas> seems to have prevented quote bombs by accident.
But I can always plant half-cocked quote landmines I guess.
Filed Under: Lack of native quote nesting strikes again
-
Make it a jscript alert bomb. Much more entertaining