example reproduction __CODE_PLACEHOLDER_1____CODE_PLACEHOLDER_1____CODE_PLACEHOLDER_1____CODE_PLACEHOLDER_1____CODE_PLACEHOLDER_1____CODE_PLACEHOLDER_1__ __CODE_PLACEHOLDER_2____CODE_PLACEHOLDER_2____CODE_PLACEHOLDER_2____CODE_PLACEHOLDER_2____CODE_PLACEHOLDER_2____CODE_PLACEHOLDER_2__ __CODE_PLACEHOLDER_3____CODE_PLACEHOLDER_3____CODE_PLACEHOLDER_3____CODE_PLACEHOLDER_3____CODE_PLACEHOLDER_3____CODE_PLACEHOLDER_3__ __CODE_PLACEHOLDER_4____CODE_PLACEHOLDER_4____CODE_PLACEHOLDER_4____CODE_PLACEHOLDER_4____CODE_PLACEHOLDER_4____CODE_PLACEHOLDER_4__ __CODE_PLACEHOLDER_5____CODE_PLACEHOLDER_5____CODE_PLACEHOLDER_5____CODE_PLACEHOLDER_5____CODE_PLACEHOLDER_5____CODE_PLACEHOLDER_5__ __CODE_PLACEHOLDER_6____CODE_PLACEHOLDER_6____CODE_PLACEHOLDER_6____CODE_PLACEHOLDER_6____CODE_PLACEHOLDER_6____CODE_PLACEHOLDER_6__ __CODE_PLACEHOLDER_7____CODE_PLACEHOLDER_7____CODE_PLACEHOLDER_7____CODE_PLACEHOLDER_7____CODE_PLACEHOLDER_7____CODE_PLACEHOLDER_7__ test

  • wjs018@piefed.wjs018.xyz
    27 days ago

    Ah, I see what is going on. This basically requires maliciously formatted markdown that takes advantage of some placeholder text we use to protect codeblocks from getting incorrectly formatted by the markdown_to_html function. You basically stuff the markdown full of those placeholder strings so that they are incorrectly being substituted.

    I will give this one some thought. I think it might make sense to have something like a short, random string tacked onto the end of the placeholder text (like I did for the footnote links to prevent id collisions).

    • wjs018@piefed.social
      27 days ago

      This was a bug that we patched yesterday. Originally, this post basically acted like a zip bomb and the text blew up to be enormously huge to the point that the page often wasn’t loading correctly. This user basically found an exploit in PieFed’s markdown to html conversion and, instead of disclosing it to the maintainers, made a troll-y post about it that started breaking things.

      It is patched now though as of PieFed 1.4.5.
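The placeholder collision described in the comments above, next to the random-suffix idea from the first comment, as an added example that is not PieFed's own code. The function names, the fence regex and the sample post are assumptions made for illustration; only the `__CODE_PLACEHOLDER_n__` format comes from the page.

```python
import re
import secrets

FENCE = re.compile(r"```.*?```", re.DOTALL)  # simplified fenced-block matcher (assumption)

def render_naive(md: str) -> str:
    """Fixed placeholder names: copies typed by the post author are substituted too."""
    blocks = []
    def stash(m):
        blocks.append(m.group(0))
        return f"__CODE_PLACEHOLDER_{len(blocks)}__"
    text = FENCE.sub(stash, md)
    # The markdown-to-HTML pass over `text` would run here; omitted in this sketch.
    for i, block in enumerate(blocks, start=1):
        text = text.replace(f"__CODE_PLACEHOLDER_{i}__", block)
    return text

def render_hardened(md: str) -> str:
    """Per-render random token in the placeholder, restored in one pass."""
    token = secrets.token_hex(8)  # not known to the author when the post is written
    blocks = []
    def stash(m):
        blocks.append(m.group(0))
        return f"__CODE_PLACEHOLDER_{token}_{len(blocks)}__"
    text = FENCE.sub(stash, md)
    pattern = re.compile(rf"__CODE_PLACEHOLDER_{token}_(\d+)__")
    def restore(m):
        idx = int(m.group(1))
        # Leave anything that does not map to a stashed block untouched.
        return blocks[idx - 1] if 1 <= idx <= len(blocks) else m.group(0)
    return pattern.sub(restore, text)

def growth(render, md: str) -> float:
    """Output size relative to input size for a given renderer."""
    return len(render(md)) / len(md)

# Constructed sample: one fenced block plus literal placeholder text in the body.
SAMPLE = "```\n" + "A" * 200 + "\n```\n" + "__CODE_PLACEHOLDER_1__" * 50

if __name__ == "__main__":
    print(f"naive growth:    {growth(render_naive, SAMPLE):.1f}x")
    print(f"hardened growth: {growth(render_hardened, SAMPLE):.1f}x")
```

A regression test for a fix of this kind can assert that a post containing literal placeholder text round-trips unchanged and that rendered size stays proportional to input size.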