5 votes

hmmm

Posted by Soptik (edited )
Tags: tag btn, very long tag which card is not last word, tag that is dropdown menu, this isnt toast, this is topic, tag that is comment, tag that is absolute, tag that is divider, tag that is step, tag that is avatar, tag that is label

mmm

Edit: gitlab issue

4 comments

  1. [4]
    Comment deleted by author
    Link
    1. [3]
      Soptik
      Link Parent
      If you take a look at tildes CSS (https://tildes.net/css/tildes.css), you see classes. All classes that are one word (without -) can be used in tags. You just have to tag post with any tag with...

      If you take a look at tildes CSS (https://tildes.net/css/tildes.css), you see classes. All classes that are one word (without -) can be used in tags. You just have to tag post with any tag with multiple words (delimited by spaces) and one (or more) of them have to be name of the css class.

      That's because class of tag is following format label-topic-tag-<name of tag>. In HTML, CSS classes are delimited by space. So by having space in tag name, you can inject css classes into tags.

      1 vote
      1. [3]
        Comment deleted by author
        Link Parent
        1. [2]
          Soptik
          Link Parent
          Technically, I can inject any classes, not just those that are defined. However, those who are undefined will have no effect. Yes, good to point out. Otherwise, we could abuse css exfil vulnerability

          Technically, I can inject any classes, not just those that are defined. However, those who are undefined will have no effect.

          Yes, good to point out. Otherwise, we could abuse css exfil vulnerability

          3 votes
          1. [2]
            Comment deleted by author
            Link Parent
            1. Soptik
              Link Parent
              Yes, I tried to apply custom style as soon as I saw the post with bordered tag but it didn't work, even sending customized data to server (to avoid client side validation) didn't work. I think...

              Yes, I tried to apply custom style as soon as I saw the post with bordered tag but it didn't work, even sending customized data to server (to avoid client side validation) didn't work. I think it's safe.

              1 vote
  2. figment
    Link
    list 1 list 2 this is a text sample with bold
    • list 1
    • list 2

    multiline
    quotes
    nice

    this is a text sample with bold