Lost account access

As a part of its privacy policy, NoBleme will protect your anonymity as much as possible. This means that you will never be sent any emails that could be used to link you to your identity on the website, or asking you to provide your password. On top of that, automated password recovery systems can be used in a few nefarious ways that we would rather not have to deal with. With this context in mind, NoBleme decided to not implement an automated account recovery process.

If you have lost access to your account (forgotten username, forgotten password, or otherwise), the only way to recover that access is to go on NoBleme's IRC chat server and ask a website administrator to manually reset your account's password. There is no need to worry about impersonation: a strict process is in place that allows the administrator to verify your identity before resetting the password.



Task #667

Possible XSS in meta description

Task opened 2 years ago (Thursday, May 5th 2022 at 21:41:40) by 0x57
Task solved 2 years ago (Friday, May 6th 2022 at 10:50:14)
Source code of the patch that solved the task
Task milestone: 4.2.x

Task details:

Potentially, applying html_fix_meta_tags() after truncating the description could be enough to fix this?

Give it a clean test.

In case it is enough to fix it, ensure that meta descriptions still don't get too long (e.g. meta desc full of special chars -> truncate -> fix meta tags -> it's too long now).

Quote by supakeen:

Also *theoretically* if you're escaping for attribute values inside double quotes one only needs to do " -> &quot; and & -> &amp;
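
The length concern raised in the task details, combined with the minimal escaping rule from the quote, as an added example that is not NoBleme's code or its html_fix_meta_tags() function. The function names, the 155-character cap and the choice of PHP are assumptions made for illustration. It compares truncate-then-escape, escape-then-truncate, and escaping against a length budget.

```php
<?php
// Added example, not NoBleme's code: all function names and the 155-character
// cap are hypothetical, and PHP is an assumption about the site's language.

// Escape for a double-quoted attribute value: only & and " need replacing.
// & is replaced first so the & of an inserted &quot; is not escaped again.
function escape_double_quoted_attr(string $raw): string
{
    return str_replace(['&', '"'], ['&amp;', '&quot;'], $raw);
}

// Build the content="" value so that the ESCAPED text fits within $cap.
function meta_description_attr(string $raw, int $cap): string
{
    // Drop invalid UTF-8 and collapse whitespace so the value stays on one line.
    $raw = trim(preg_replace('/\s+/u', ' ', mb_scrub($raw, 'UTF-8')) ?? '');

    $out = '';
    $len = 0;
    // Escape one raw character at a time and stop before the escaped output
    // would pass the cap, so the cut can never land inside an entity.
    foreach (mb_str_split($raw, 1, 'UTF-8') as $char) {
        $piece = escape_double_quoted_attr($char);
        if ($len + mb_strlen($piece, 'UTF-8') > $cap) {
            break;
        }
        $out .= $piece;
        $len += mb_strlen($piece, 'UTF-8');
    }
    return $out;
}

// Constructed sample: a description made almost entirely of special characters.
$sample = str_repeat('"Q&A" ', 40);
$cap    = 155;

// Truncate, then escape: safe to embed, but the result outgrows the cap.
$grown = escape_double_quoted_attr(mb_substr($sample, 0, $cap, 'UTF-8'));
// Escape, then truncate: fits the cap, but the cut can split an entity.
$split = mb_substr(escape_double_quoted_attr($sample), 0, $cap, 'UTF-8');
// Budgeted escaping: fits the cap and ends on a whole character or entity.
$safe  = meta_description_attr($sample, $cap);

printf("truncate then escape: %d chars\n", mb_strlen($grown, 'UTF-8'));
printf("escape then truncate: %d chars, ends with %s\n", mb_strlen($split, 'UTF-8'), mb_substr($split, -6, null, 'UTF-8'));
printf("budgeted escaping:    %d chars, ends with %s\n", mb_strlen($safe, 'UTF-8'), mb_substr($safe, -6, null, 'UTF-8'));
echo '<meta name="description" content="' . $safe . '">' . PHP_EOL;
```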