Try clicking this link (the domain is codeforces.com)
How I discovered this
UPD: The bug is fixed now, however there's another (see the comment below)
# | User | Rating |
---|---|---|
1 | tourist | 4009 |
2 | jiangly | 3823 |
3 | Benq | 3738 |
4 | Radewoosh | 3633 |
5 | jqdai0815 | 3620 |
6 | orzdevinwang | 3529 |
7 | ecnerwala | 3446 |
8 | Um_nik | 3396 |
9 | ksun48 | 3390 |
10 | gamegame | 3386 |
# | User | Contrib. |
---|---|---|
1 | cry | 166 |
2 | maomao90 | 163 |
2 | Um_nik | 163 |
4 | atcoder_official | 161 |
5 | adamant | 160 |
6 | -is-this-fft- | 158 |
7 | awoo | 157 |
8 | TheScrasse | 154 |
9 | nor | 153 |
9 | Dominater069 | 153 |
Try clicking this link (the domain is codeforces.com)
I notice that any quotation mark in the title will make the part after it disappear.
UPD: The bug is fixed now, however there's another (see the comment below)
Name |
---|
Thanks for the super quick fix, but it's still impossible to preview a post with one of
<>"
in the title.That leads to another attack -- Click here. Similar to the previous attack, it only works when you're logged in.
(Source: Is escaping < and > sufficient to block XSS attacks? — Stack Overflow)