Meta Stack Overflow
<marquee>XSS hole in activity page</marquee> - question titles are not HTML/XML-escaped
[+13] [0] Chichiray
[2010-12-29 18:49:22]
[ bug status-completed recent-activity profile-page ]
[ http://meta.stackoverflow.com/questions/73480] [DELETED]

On the 2nd page of my activity history [1] there's an XSS hole. The question title of http://stackoverflow.com/questions/4549719/displaying-textarea-value-as-html appears unescaped in the activity.

(it's by the way not specifically the 2nd page, it appears on every page, see e.g. the OP in question [2])

(7) It's a bit of a waste not titling this <marquee>XSS hole in activity page</marquee> - Michael Mrozek
(1) @Michael: Yes, it also manifests on meta :) meta.stackoverflow.com/users/138231?tab=activity - Chichiray
Haha, funny. What about <blink>? - jjnguy
@MichaelMrozek Deviously brilliant - Tim Stone
(1) @BalusC Excellent - Michael Mrozek
Oh my goodness. How long has the activity page been tabbed and paginated? I've waited so long for that. - mmyers
@Michael Myers Yesterday - waiwai933
Yes, I discovered that today and guess what happened when I jumped to the 2nd page... - Chichiray
(1) @Geoff This still happens if you view /inbox directly (I don't think doing that is actually supported, so it probably doesn't matter) - Michael Mrozek
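
The defect class reported in this thread, shown as an added example that is not part of the original post and is not Stack Overflow's code: an activity list rendered with the title inserted as-is, the same template with the title escaped at output, and a regression check that parses the result. The row data, template and function names are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample rows; the first title reuses the markup from this page's title.
ACTIVITY = [
    {"id": 1, "action": "comment", "title": "<marquee>XSS hole in activity page</marquee>"},
    {"id": 2, "action": "answer", "title": 'Tom & Jerry "quoted" title'},
]

TEMPLATE_TAGS = {"ul", "li", "a"}  # the only elements this hypothetical template emits


def render_unescaped(rows):
    """The reported defect: the title is concatenated into the markup as-is."""
    items = "".join(
        f'<li>{r["action"]} <a href="/questions/{r["id"]}">{r["title"]}</a></li>'
        for r in rows
    )
    return f"<ul>{items}</ul>"


def render_escaped(rows):
    """Same template, with every untrusted field HTML-escaped at the point of output."""
    items = "".join(
        f'<li>{html.escape(r["action"])} '
        f'<a href="/questions/{int(r["id"])}">{html.escape(r["title"], quote=True)}</a></li>'
        for r in rows
    )
    return f"<ul>{items}</ul>"


class _TagCollector(HTMLParser):
    """Records every element name the parser sees in the rendered page."""

    def __init__(self):
        super().__init__()
        self.tags = set()

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)


def unexpected_tags(page):
    """Return elements in the rendered output that did not come from the template."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags - TEMPLATE_TAGS
```

Running `unexpected_tags` over every view that prints a title (activity, profile, inbox) catches the case raised in the last comment, where one code path is fixed and another is not.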