Try clicking this link (the domain is codeforces.com)
How I discovered this
UPD: The bug is fixed now, however there's another (see the comment below)
# | User | Rating |
---|---|---|
1 | tourist | 3993 |
2 | jiangly | 3743 |
3 | orzdevinwang | 3707 |
4 | Radewoosh | 3627 |
5 | jqdai0815 | 3620 |
6 | Benq | 3564 |
7 | Kevin114514 | 3443 |
8 | ksun48 | 3434 |
9 | Rewinding | 3397 |
10 | Um_nik | 3396 |
# | User | Contrib. |
---|---|---|
1 | cry | 167 |
2 | Um_nik | 163 |
3 | maomao90 | 162 |
3 | atcoder_official | 162 |
5 | adamant | 159 |
6 | -is-this-fft- | 158 |
7 | awoo | 155 |
8 | TheScrasse | 154 |
9 | Dominater069 | 153 |
10 | djm03178 | 152 |
Try clicking this link (the domain is codeforces.com)
I notice that any quotation mark in the title will make the part after it disappear.
UPD: The bug is fixed now, however there's another (see the comment below)
Name |
---|
Thanks for the super quick fix, but it's still impossible to preview a post with one of
<>"
in the title.That leads to another attack -- Click here. Similar to the previous attack, it only works when you're logged in.
(Source: Is escaping < and > sufficient to block XSS attacks? — Stack Overflow)