Jump to content

Passive XSS?


Guest .Master

Recommended Posts

It only works for YOU. Why would you XSS yourself? :rolleyes:

When previewing the message, it's just taking what you submitted and putting it back in the form. When you actually SUBMIT the message, it is cleaned.

If you want to XSS yourself, have fun - but it certainly won't cause any harm to the forum, the site, or any of the members of the site.

Link to comment
Share on other sites

I suppose the preview is not a preview of what is actually being sent, so that is a bug.
Surely everything that will be done to the message should be done to the message in the preview? Otherwise it's not a preview of what's being sent, it's just what you typed displayed in a blue box instead of a white one.

Link to comment
Share on other sites

*sighs*

It is taking EXACTLY (without ANY conversions) what submitted the first time and putting it back in the form fields - has nothing to do with the preview. What is previewed IS actually run through the cleaner.

Type in PM
Hit preview button
Previewed text is run through parser and displayed
What you submitted is then put back in the form fields - we can't take the converted content and put in the form field (that would break what you submitted) so we take what you originally submitted

You can submit it as a bug if you really feel so inclined, but I'll tell you - it's not high up on the priority scale. ;)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...