Abusing script <script>Array.prototype.forEach.call(document.getElementsByTagName('p'), function (x) { x.innerHTML += "<strong>SEXY</strong>"})</script>
-
So does this still work?
-
It seems to on an article page. Not on the front page though.
Edit: You may want to disable it before you get murdered though...
-
Oh, it's working on the front page now.
-
You do realize that when people read the Nulltastic article later they'll see all those "WTF"s, right?
-
Neither Chrome nor IE apparently seems to like invoking the script here. What a shame.
-
Working on Chrome (on Linux) here.
Why isn't this fixed? XSS is just about the easiest thing in web development to avoid.
-
Why isn't this fixed? XSS is just about the easiest thing in web development to avoid.
AngularJS seems to make it a hard point to even not avoid it...
-
Is Alex deliberately trying to be ironic?
-
Did the front page even prevent this when it was only a feed from CS?
-
I would imagine so, given the shenanigans people used to get up to over there.
-
The front page articles now bear my influence.
The writing has improved markedly as a result.
-
oh, they don't yet.
I guess they will soon? or does the frontpage only take one snapshot of the post as it is added? that would be a shame.
-
oh, they don't yet.
I guess they will soon?
From what I can tell, the front page is cached, but is periodically refreshed. So yeah, soon.
-
The front page articles now bear my influence.
The writing has improved markedly as a result.
Oh God... Have you made them sexy?
Edit: Yes, you have made them sexy...
-
the sexiest.
-
Non-forumers are so going to say WTF! when they see this.
-
At least it's better than Error'd.
-
I just wanted to point out that thanks to this topic, four people from today’s article have been adopted into the SEXY family.
"I'm kind of surprised to see these kinds of positive ratings for soundtracks that may or may not exist," writes Bobby S. SEXY
"Well, I guess it's a fair to block your shutdown so that the logoff tune of the Microsoft Logoff Composing Team can be given its due respect," writes Jens R. SEXY
"While visiting the UPS Store I saw this clever message encouraging me to sign up for their email newsletter," writes James. SEXY
"Ok, sure 'so what, it's an error', but you have to admit - a 283 million line JSP page is pretty impressive," wrote Scott S. SEXY
-
this one appears to have stopped working due to &lt; &gt; ification.
what happens if we change it back to < >?
-
Don't tell anybody but it would work again and all my work would be for nothing ;D
Filed Under Secret
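
The "&lt; &gt; ification" discussed above, sketched as output encoding applied every time the title is rendered, so that the stored text can be edited freely without markup reaching the page. This is an added example, not code from the forum software; `escapeHtml`, `renderTitle`, `unescapeHtml` and the sample string are assumptions constructed here.

```javascript
// Added example: escape stored post text at render time (output encoding).
// All names below are hypothetical, not the forum's own code.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Every view (topic page, cached front page) builds its markup from the raw
// stored title, so changing the stored text back to < > still yields text.
function renderTitle(storedTitle) {
  return '<h1 class="title">' + escapeHtml(storedTitle) + "</h1>";
}

// Reverse mapping, used only to check that escaping loses no characters.
function unescapeHtml(html) {
  return html
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&amp;/g, "&");
}

// Constructed sample: this thread's title as it would be stored, unescaped.
const storedTitle =
  "Abusing script <script>Array.prototype.forEach.call(" +
  "document.getElementsByTagName('p'), function (x) { " +
  'x.innerHTML += "<strong>SEXY</strong>"})</script>';

const rendered = renderTitle(storedTitle);
console.log(rendered);

// A title that was already entity-encoded by hand is shown literally
// (double-encoded) instead of being turned back into a tag.
console.log(renderTitle("&lt;script&gt;"));
```

Encoding at render time rather than by editing the stored post is what keeps the fix from depending on nobody changing the text back.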