Thread: why has Muff not left the site for twelve days & only has one picture?
View Single Post
Old 10-14-2014, 09:28 AM   #2
Diode
PR's Finest
 
Diode's Avatar
 
Join Date: Aug 2013
Posts: 14,165
Battle Record: 12-7



Rep Power: 85899410
Diode has a reputation beyond reputeDiode has a reputation beyond reputeDiode has a reputation beyond reputeDiode has a reputation beyond reputeDiode has a reputation beyond reputeDiode has a reputation beyond reputeDiode has a reputation beyond reputeDiode has a reputation beyond reputeDiode has a reputation beyond reputeDiode has a reputation beyond reputeDiode has a reputation beyond repute
Default
Quote:
Originally Posted by Certain View Post
<iframe class="vine-embed" src="https://vine.co/v/Oqaq0W1UpwL/embed/simple" width="600" height="600" frameborder="0"></iframe><script async src="//platform.vine.co/static/scripts/embed.js" charset="utf-8"></script>
enabling HTML is not a good idea, @namix. especially an embedded .js.

if i can successfully quote this, i can successfully do bad things. you probably only enabled it for admins but as you can see, admins can be quoted and the HTML can be modified. i could replaced that embedded javascript with something malicious.

srs, no angry admin.
__________________
Diode is offline   Reply With Quote