Can someone explain last year's reddit exploit to me?

views:

123

answers:

+4 Q:

Can someone explain last year's reddit exploit to me?

Last year a user managed to inject arbitrary javascript into reddit's markdown syntax. Can someone explain how this was done and how I can test whether my site is similarly vulnerable?

+2 A:

Blog entry on the exploit:

http://blog.reddit.com/2009/09/we-had-some-bugs-and-it-hurt-us.html

The patch that fixed it:

http://code.reddit.com/changeset/1f1f0606f5b6bf14a0db55a28cfd03e1e42e3550

jedberg 2010-03-06 17:18:02

related questions

What JavaScript patterns do you use most?

Javascript events

What style do you use for creating an "class" in JavaScript?

Graphing JavaScript Library

What's the difference in closure style

Getting the text from a drop-down box

How to specify javascript to run when ModalPopupExtender is shown

Length of Javascript Associative Array

How Do I Post and then redirect to an external URL from ASP.Net?

How to set up a CSS switcher in ASP.NET

Wrapping lists into columns

Javascript keyboard events primer? (or rather: help me with my custom dropdown)

Http Auth in a Firefox 3 bookmarklet

Best Debugging Tools for JavaScript/xulrunner Development

How can I turn a string of HTML into a DOM object in a Firefox extension?

Call ASP.NET Function From Javascript?

Javascript troubleshooting tools in IE

MAC addresses in JavaScript

Capturing TAB key in text box

CSS Background Color in Javascript

How can I make the browser see CSS and Javascript changes?

Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?

ASP .Net Custom Client-Side Validation

What JavaScript library would you choose for a new project and why?

Detecting font in JavaScript

ansaurus

tags:

views:

answers:

Can someone explain last year's reddit exploit to me?

related questions