The Return of the Black Lord?

    Here's what happens if you don’t clean up HTML and escape special characters.

    Habr developers, shame on you! The site has been running for more than a year, yet it still does not output content safely! Neither escaping of special characters, nor cleaning of HTML from harmful impurities!

    It's good that there are guys like Satana drawing attention to the problem. But things could be more serious. I will not be surprised if it soon turns out that some cunning guys have long been quietly exploiting various Habr vulnerabilities against a wide audience. For example, building botnets out of us.

    Sorry for the harshness, but this is disrespect for visitors. This is how you lose trust in the site.

    PS It is stupid to use “a new version is coming soon” as an excuse. Imagine if Microsoft stopped releasing critical updates for Windows XP, justifying it with “Vista is coming soon”?! Maybe it will, but all sorts of “cool hackers” are exploiting Habr right here and right now. Are you sure your browser does not have any vulnerabilities? I'm not, although I use the latest Firefox on Ubuntu and install all the updates.

    Upd: For anyone who thinks that I'm talking about botnets, I suggest typing the phrase “Internet Explorer CSS vulnerable” into Google. For example, there is the vulnerability (MS07-033) Microsoft CSS Tag Memory Corruption Vulnerability dated 06/12/2007, with the wonderful description "A vulnerability in Microsoft Internet Explorer may allow for remote code execution. A user would have to visit a malicious Web site or open a HTML e-mail attachment for an attack to occur." There is plenty more of this goodness on Google; try replacing “CSS” with “PNG”, “GIF”, “JavaScript” and all sorts of other smart words :) I hope everyone has a licensed Windows with all the updates? ;)
