# Brilliant and security holes?

First off, I'm going to be honest and say I'm not one of those brilliant Brilliant users (probably bottom 10%). I am new to JS, web design, HTML, PHP, JQ, and all the noob basics. To me, Brilliant is one of those giant imperialist CSS tanks that are flawless. I see you people out there making all sorts of witchcraft and inventing calculus. However, I've searched the archived posts and see none regarding this issue, if it even is an issue.

Still, I could be wrong as normal, because XSS is pretty much the number 1 most popular attack vector, followed by SQL and XSRF. I do believe that it is just a mistake; I've tested on my own website (with permission from myself) and found it is remarkably easy to forget just once to sanitize the HTML field. Plus, this happened to many giants in the past years, such as Facebook, Edmodo, Google, and Myspace (remember the Samy worm?), so could Brilliant evade a growing flaw before someone exploits it?

Hey, I'm pretty sure half of you nerds already found this and pfsh lol spock, nothing is gonna happen. But if I am wrong, please tell me how so. I'm new to web flaws; give me a shout in the description so at least I know I'm not yelling into the darkness. I'll update if I forgot to mention something. Also, I intend no harm on the Brilliant company; I love this website, tis of thee, viva la brilliante, don't get mad at me.

Note by Spock Weakhypercharge
5 years, 9 months ago
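The "forget just once to sanitize the HTML field" slip the post describes, shown as an added example (not code from the thread or from Brilliant): a comment renderer that interpolates a user-supplied body raw, beside the hardened version that escapes every untrusted value at the point it is written into HTML. The `renderComment*` function names, the `containsForeignTag` check and the sample comments are all constructed for this illustration.

```javascript
// Added example, not from the thread: a vulnerable and a hardened HTML renderer
// for user comments. All names and sample data below are constructed.

// The five characters that let text escape an HTML text node or a
// double-quoted attribute value, with their entity encodings.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text so the browser treats it as text, not markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the author is escaped but the body is interpolated raw.
// This is exactly the "missed one field" mistake the poster describes.
function renderCommentUnsafe(author, body) {
  return `<li><b>${escapeHtml(author)}</b>: ${body}</li>`;
}

// Hardened: every value that came from a user is escaped, no exceptions.
function renderCommentSafe(author, body) {
  return `<li><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</li>`;
}

// Crude observability check (constructed for this example): does the output
// contain any tag other than the <li> and <b> the template itself wrote?
function containsForeignTag(html) {
  const templateTags = new Set(['li', 'b']);
  for (const m of html.matchAll(/<\/?([a-z][\w-]*)/gi)) {
    if (!templateTags.has(m[1].toLowerCase())) return true;
  }
  return false;
}

// Constructed sample comments: one benign (angle brackets in ordinary math
// text), one carrying markup that a renderer must never pass through.
const SAMPLE_COMMENTS = [
  { author: 'alice', body: 'Nice proof, 2 < 3 && 3 > 2' },
  { author: 'mallory', body: 'great <script>/* would run as the viewer */</script>' },
];

// Render each sample both ways and report whether foreign markup survived.
function auditRenderers() {
  return SAMPLE_COMMENTS.map(({ author, body }) => ({
    author,
    unsafeLeaksMarkup: containsForeignTag(renderCommentUnsafe(author, body)),
    safeLeaksMarkup: containsForeignTag(renderCommentSafe(author, body)),
  }));
}

console.log(auditRenderers());
```

Note that `escapeHtml` is correct only for HTML text nodes and quoted attribute values; a value written into a `<script>` block, a URL, or an inline event handler needs a different encoder for that context, which is why frameworks that escape by default in templates are the more reliable fix than remembering to call a helper on every field.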


We take all measures we can think of to try to secure our code and the site in general. We are aware of most of the things that can happen and we do our best to eliminate them. However, as many people are aware, it's virtually impossible to write code of significant complexity without some kind of vulnerability.

If you email support@brilliant.org and give a list of what you would like to test, I can review it and possibly give permission to do some vulnerability testing.

Staff - 5 years, 9 months ago

Greatest reverence! Honestly, I meant for this post to be a heads up over a minor one-time slip, because it happens to me all the time. I will certainly research and consider this carefully; however, I am well aware this website knows what it is doing. The script looks nicely encrypted beyond my experience, and there are CSRF tokens everywhere as well as really salty hashes. I'm not the best for vulnerability tests, but I will certainly email if it improves Brilliant in any way.

- 5 years, 9 months ago

OK, I sent it. I also tend to use the Mozilla add-on hackbar to quickly test and secure my websites against general attacks.

- 5 years, 9 months ago

This seems like something @Sam Solomon would be able to answer.

- 5 years, 9 months ago

This is another thing that I'm coming from, kk?

- 5 years, 9 months ago