Gabe avatar

Reporting 3 Bugs in Steemit - severity: high, med, low

gaottantacinque

Published: 17 May 2018 › Updated: 17 May 2018Reporting 3 Bugs in Steemit - severity: high, med, low

Reporting 3 Bugs in Steemit - severity: high, med, low

Bug 1:

Links opened in a new tab - #security #xss

These links in the menu section use the infamous   target="_blank"   attribute:

  • Blocktrades
  • GOPAX
  • The Steemit Shop
  • Steem Chat
  • Jobs at Steemit
  • Apps Built on Steem
  • Steemit API Docs
  • Steem Bluepaper
  • SMT Whitepaper
  • Steem Whitepaper
  • About

Same for the "Markdown Styling Guide" link in the top right corner of the preview box that appears when the user drafts a new post.

What's the issue with that?

In a nutshell if the third party site is compromised the attacker can perform a phising attack on the steemit webpage from which the link was opened.

The solution consists in using a temporary iframe to open the new tab from. (Note: simply adding rel="noopener noreferrer" to the link is not a valid fix for all browsers - eg. Safari)

For more details see HERE and HERE.


Bug 2:

Post tags - #bug

Removing tags from a post is buggy.

SEE THIS POST for more details and STEPS TO REPRODUCE the bug


Bug 3:

Custom links - #veryminorbug

An a html tag with a href without any value (no string assigned and no equal symbol) is eventually rendered as:
bug steemit.png

(See example in my post here where I was playing with markdown and XSS testing)

Leave Reporting 3 Bugs in Steemit - severity: high, med, low to:

Written by

Founder of @cryptoshots.nft, @keys-defender, @marcocasario, @karina.gpt, ...

Read more #steemit-issues posts


Best Posts From Gabe

We have not curated any of gaottantacinque's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.

More Posts From Gabe