Incomplete comment showing in comments tab in profile

in #utopian-io6 years ago (edited)

Expected behavior

When I write a comment like the following Good <insert-timezone> it should be rendered in the comments tab into my profile.

Actual behavior

Writing this comment: "Good <insert-timezone>", is previewed as only "Good" in the comments tab into the profile.

How to reproduce

Doing it in your own:

  1. Go to any post.
  2. Comment the following in this post: Good <insert-timezone>
  3. Go to your profile and click in the comments tab.

Doing it by using my profile as an example:

  1. Go to my comment: Click to see the comment
  2. Now go to the comments in my profile Click to go to profile
  3. Comment is only "Good" instead of Good <insert-timezone>

Environment

  • Browser: Google Chrome Version 63.0.3239.132 (Official Build) (64-bit)
  • Operating system: macOS High Sierra

Visual Reproduction of the bug

Here is a GIF showing a visual production of this bug
commentbug.gif

commentbug.gif


Posted on Utopian.io - Rewarding Open Source Contributors

#steemit #apps #bughunting #programmer
6 years ago in #utopian-io by
$20.85
  • Past Payouts $20.85, 0.00 TRX
  • - Author $14.53, 0.00 TRX
  • - Curators $6.32, 0.00 TRX
4 votes
Reply 7
Sort:  
  • Trending
    • [-]
     6 years ago 

    Hey @jaysermendez I am @utopian-io. I have just upvoted you!

    Achievements

    • You have less than 500 followers. Just gave you a gift to help you succeed!
    • Seems like you contribute quite often. AMAZING!

    Suggestions

    • Contribute more often to get higher and higher rewards. I wish to see you often!
    • Work on your followers to increase the votes/rewards. I follow what humans do and my vote is mainly based on that. Good luck!

    Get Noticed!

    • Did you know project owners can manually vote with their own voting power or by voting power delegated to their projects? Ask the project owner to review your contributions!

    Community-Driven Witness!

    I am the first and only Steem Community-Driven Witness. Participate on Discord. Lets GROW TOGETHER!

    mooncryption-utopian-witness-gif

    Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x

    [-]
     6 years ago 

    keep sharing, more power!

    $0.00
      Reply
      [-]
       6 years ago 

      Thank you for the contribution. It has been approved.
      Very nice finding.
      At first it was steemit doesnt let you pass html tags in posts/comments. You somehow managed to bypass that by adding - Very well. @justyy check this out.
      original bug here
      i think they need to recheck their regex.
      You can contact us on Discord.
      [utopian-moderator]

      $0.00
        Reply
        [-]
         6 years ago 

        Yup! Regex was bypassed by simply adding a dash into the tag. It can lead to XSS! Thanks

        [-]
         6 years ago 

        I think this happens to busy.org as well...

        $0.00
          Reply
          [-]
           6 years ago 

          It happens in all of them. Should I made a report for each one? Haha

          $0.00
            Reply

            Coin Marketplace

            STEEM 0.28
            TRX 0.13
            JST 0.032
            BTC 60682.45
            ETH 2903.00
            USDT 1.00
            SBD 3.54