Could part of the problem be that each subreddit can set its own CSS? You can disable this (once you have an account) by unticking Preferences > allow subreddits to show me custom styles
It appears someone is able to change the custom CSS at will for multiple subreddits. He also claims he has access to all reddit accounts and he's selling the 0-day for BTC.
Gaming, AdviceAnimals, fffffuuuu and iama are affected.
For example, try accessing http://reddit.com/r/gaming and you'll see a black screen with the words "Half Life 3 confirmed". Nearly gave me a heart attack.
Code for the full-screen overlay:
<form action="#" class="usertext" onsubmit="return post_form(this, 'editusertext')" id="form-t5_2qh03d4n"><input type="hidden" name="thing_id" value="t5_2qh03"><div class="usertext-body"><div class="md"><p><a href="https://twitter.com/officialnea">Half Life 3 confirmed.</a></p>
</div>
</div></form>
Disabling custom CSS styles in your user settings will do nothing to prevent it.
EDIT: This has been posted by alienth a few days ago:
http://www.reddit.com/r/modnews/comments/205tik/mods_are_being_targeted_for_account_breakins_part/
It's a bug that we need to fix. I've seen similar things in other threads, but it doesn't come up that often. If anyone has ideas about what's going on here, emailing them to hn@ycombinator.com might help speed up the fixing process. (The core HN programmers have a... somewhat fraught relationship with CSS.)
Thanks for this! I've been dealing with this issue for a while now and somehow didn't think to use CSS to fix it (despite having a number of custom stylesheets for various sites).
Isn't this only an issue on sites that allow custom css? There aren't many of these sites around (the only one I know of is reddit). In most cases if you're in a position to tamper with the css you can also tamper with the js directly.
thanks for the information, the sharing section was added just now actually so probably the style.css file got cached in your browser, try refreshing the page or clearing cache, this should help I hope. thanks again for sharing!
We’re designing a new set of tools to address the challenges with CSS but continue to allow communities to express their identities. These tools will allow moderators to select customization options for key areas of their subreddit across platforms. For example, header images and flair colors will be rendered correctly on desktop and mobile.
We know great things happen when we give users as much flexibility as possible. The menu of options we’ll provide for customization is still being determined. Our starting point is to replicate as many of the existing uses that already exist, and to expand beyond as we evolve.
Sounds like they're trying to keep the same flexibility as the existing CSS options, which is a bit different than removing styling.
reply