Try clicking this link (the domain is codeforces.com)
How I discovered this
UPD: The bug is fixed now, however there's another (see the comment below)
Try clicking this link (the domain is codeforces.com)
UPD: The bug is fixed now, however there's another (see the comment below)
| № | Пользователь | Рейтинг |
|---|---|---|
| 1 | tourist | 3690 |
| 2 | jiangly | 3647 |
| 3 | Benq | 3581 |
| 4 | orzdevinwang | 3570 |
| 5 | Geothermal | 3569 |
| 5 | cnnfls_csy | 3569 |
| 7 | Radewoosh | 3509 |
| 8 | ecnerwala | 3486 |
| 9 | jqdai0815 | 3474 |
| 10 | gyh20 | 3447 |
| Страны | Города | Организации | Всё → |
| № | Пользователь | Вклад |
|---|---|---|
| 1 | maomao90 | 174 |
| 2 | awoo | 164 |
| 3 | adamant | 163 |
| 4 | TheScrasse | 159 |
| 5 | nor | 157 |
| 6 | maroonrk | 155 |
| 7 | -is-this-fft- | 152 |
| 8 | Petr | 146 |
| 8 | orz | 146 |
| 10 | BledDest | 145 |
Thanks for the super quick fix, but it's still impossible to preview a post with one of
<>"in the title.That leads to another attack -- Click here. Similar to the previous attack, it only works when you're logged in.
(Source: Is escaping < and > sufficient to block XSS attacks? — Stack Overflow)