ohhihohello57
Hey, iWarg.
So I was posting a thread containing some very benign JavaScript in a to see if your forum really is XSS paradise. But after posting, I got hit with a MySQL error, which I found odd.
I decided to check on the forums if it exists anyway, and it does. But the replies counter is glitched, and when I access the thread, no post pane is shown. Not even the JavaScript I embedded works.
I URGE you to fix this and make it so that any HTML tags are escaped (not removed, because I see that the bold tags I added to the word "URGE" are now gone, but escaped as human-readable text instead of markup), as people might make more glitchy threads or get away with XSSing and screw the forum.
~ ohhihohello57
if (Nerd->Personality == (NERD_PERSON_FRONTFACING + NERD_PERSON_SMARTALEC)) { return; }
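The escape-rather-than-remove behaviour requested in the post above, as an added example that is not part of the original post or the forum's own code. It assumes a hypothetical `posts` table and function names, uses in-memory SQLite in place of MySQL, and stores the body through a bound parameter; the page does not say what caused the MySQL error.

```python
import html
import re
import sqlite3

# Constructed sample post: markup, quotes and bare comparison signs.
SAMPLE_POST = "I <b>URGE</b> you: <script>alert('hi')</script> and 1 < 2 but 3 > 2"


def store_post(conn, body):
    """Store the body unchanged; the placeholder keeps its quotes out of the SQL text."""
    cur = conn.execute("INSERT INTO posts (body) VALUES (?)", (body,))
    return cur.lastrowid


def load_body(conn, post_id):
    row = conn.execute("SELECT body FROM posts WHERE id = ?", (post_id,)).fetchone()
    return row[0]


def render_escaped(conn, post_id):
    """Escape at output time: tags are shown as readable text, never parsed as markup."""
    return '<div class="post">' + html.escape(load_body(conn, post_id), quote=True) + "</div>"


def render_stripped(conn, post_id):
    """Tag removal, for comparison only: it silently deletes parts of the post."""
    return '<div class="post">' + re.sub(r"<[^>]*>", "", load_body(conn, post_id)) + "</div>"


def demo():
    conn = sqlite3.connect(":memory:")  # assumption: SQLite stands in for the forum's MySQL
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    post_id = store_post(conn, SAMPLE_POST)
    return render_escaped(conn, post_id), render_stripped(conn, post_id)


if __name__ == "__main__":
    for rendered in demo():
        print(rendered)
```

The stripped rendering drops the bold tags and also swallows the text between `<` and `>` in the comparison, while the escaped rendering keeps every character of the post visible.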