21

Discussions appears to implement additional filtering on the contents of posts, in order to enforce certain additional restrictions on what can be included in posts. Unlike other forms of filtering on the site, this isn't implemented as part of the rendering process. Instead, it appears to be a filter that is applied to the markdown source of a post before it is saved. Unfortunately, this implementation is buggy and can mangle posts in unintended ways.

If I submit a post containing the following in Discussions:

I have a `<script>` tag, and I'd like to know how I need to escape
everything before the `</script>` to safely include a dynamic value.

What's actually saved is the following:

I have a `` tag, and I'd like to know how I need to escape
everything before the `` to safely include a dynamic value.

The `<script>` tags are removed, even though they're inert text that I'm trying to discuss.

This bug makes Discussions unsuitable for discussing HTML, but the filtering is quite loose and can affect posts that aren't even using real HTML tags. If I submit the following:

The notation a < b means that a is less than b.

What's actually saved is the following:

The notation a 

That is, the entire post following the < character is deleted, and because this is applied before the post is saved to the database, there's no way to edit the post and recover it.

This doesn’t apply to HTML tags that are normally allowed in posts; they’re not stripped.

10
  • 9
    Don't make me tap the sign! Commented Nov 29, 2024 at 20:47
  • 5
    This also lets you bypass the minimum character limit by ending your post with <123456789012345678901234567890. Commented Nov 29, 2024 at 20:50
  • 2
    It seems like the allowed tags don't get stripped (I tested with some of them and they seem to stick). Commented Nov 30, 2024 at 11:34
  • @AbdulAzizBarkat good point, edited post to reflect that Commented Nov 30, 2024 at 14:12
  • 3
    This garbles a lot of R code, since it uses <- for assignment, making the whole Discussions feature unusable for that language. -.- Commented Mar 30, 2025 at 6:38
  • How is this still tagged "status-review"? What is uncertain about the merit of this bug that eats code on a platform about writing code, after 4.5 months? Commented Apr 14, 2025 at 21:04
  • @Axeman nothing. It (this bug and Discussions in general) is just not a priority; ([status-review] creates a ticket internally for staff to keep track of the bugs/FRs, and they will address them when the "time" comes). I have recently brought it up with staff in light of the recent "coding challenges experiment". We'll see if it finally gets fixed. Commented May 23, 2025 at 3:33
  • @M-- My comment was based on the tag description: "the decision on its approval or decline requires more investigation". Commented May 23, 2025 at 16:39
  • @Axeman that's the excerpt. The description explains what I said: "There are multiple factors that may leave a report under review. There could be consideration of whether the proposed feature or bugfix is feasible or useful. There could be investigations on the complexity of the necessary solution...". Commented May 23, 2025 at 17:09
  • 3
    This bug has been fixed and the fix will be out when the coding challenges experiment begins. Commented May 23, 2025 at 20:15
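The failure mode reported in the question, as an added example that is not part of the original post and is not Stack Overflow's code: a strip-before-save filter that reproduces the observed results, next to storing the source untouched and encoding it only on output. The real implementation is not public, so the function names, the regular expressions and the allow-list are assumptions.

```python
import html
import re

# Assumed allow-list: the post only says normally allowed tags are kept.
ALLOWED_TAGS = {"b", "i", "kbd", "sub", "sup"}

# A '<' up to the next '>' or, when there is none, to the end of the text.
TAG_LIKE = re.compile(r"<[^>]*(?:>|\Z)")
TAG_NAME = re.compile(r"</?([A-Za-z][A-Za-z0-9]*)[^>]*>\Z")


def lossy_presave_filter(source: str) -> str:
    """Hypothetical strip-before-save filter: what it removes is gone for good."""
    def keep_or_drop(match: re.Match) -> str:
        tag = TAG_NAME.match(match.group(0))
        if tag and tag.group(1).lower() in ALLOWED_TAGS:
            return match.group(0)
        return ""  # code spans are not exempt, so inert text is eaten too
    return TAG_LIKE.sub(keep_or_drop, source)


def render_text(stored: str) -> str:
    """Alternative: store the source untouched and encode only on output."""
    return html.escape(stored, quote=True)


# Constructed sample posts, based on the cases reported above.
SAMPLES = [
    "I have a `<script>` tag",
    "The notation a < b means that a is less than b.",
    "x <- 5",
    "Press <kbd>Ctrl</kbd> to continue",
]


def compare(samples=SAMPLES):
    """Return (source, filtered-for-storage, escaped-for-output) per sample."""
    return [(s, lossy_presave_filter(s), render_text(s)) for s in samples]


if __name__ == "__main__":
    for source, stored, rendered in compare():
        print(f"source  : {source!r}\nfiltered: {stored!r}\nescaped : {rendered!r}\n")
```

The escaped form can always be decoded back to the author's text, while the filtered form cannot, which is why the editing step cannot recover a mangled post.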
