28

Considering this post (an answer): scrollTop() jQuery not working

I couldn't see the Run Snippet button. Any reason?

enter image description here

asked Aug 6, 2016 at 21:15
4
  • 5
    This seems to be an issue with the fact that the post has a score <= -3. The layer on top (adding the "faded" effect) is hiding the snippet. Commented Aug 6, 2016 at 21:21
  • @Tunaki Woah... Could it be? Are you sure about this? Haven't seen such a "feature" then. Commented Aug 6, 2016 at 21:23
  • 7
    The mind boggles. Some time ago, several users were unsuccessfully trying to figure out why a Stack Snippet in a particular post couldn't be made to work. Perhaps this was the reason. There should be a bug report or feature-request to have the [Run snippet] button replaced by a notice that the Snippet has been disabled in this situation. Commented Aug 6, 2016 at 22:41
  • @NisseEngström That's a good one. :) Commented Aug 7, 2016 at 1:25

1 Answer 1

47

After some digging, this is not a bug. The Stack Snippet is explicitly disabled when the post reaches a score of -3 or lower (i.e. when the post is greyed out), which is the case here.

Quoting Haney from this comment and this one also:

Fixed this by disabling heavily downvoted Snippets, which also gives users control over disabling malicious snippets.

it might be "overkill" but it adds a layer of user-controlled security. Snippet is malicious? Downvote it and it becomes un-runnable. Best option we could come up with after discussions.

This was tested in this Meta answer on the Stack Snippet sandbox.

answered Aug 6, 2016 at 21:39
6
  • 9
    Are malicious snippets frequent/ever occurring? Commented Aug 7, 2016 at 10:29
  • @Matsmath I haven't heard of any. Since the JavaScript code in snippets is executed in other domain than Stack Overflow, it's not possible to exploit it for XSS. A snippet could be malicious only if it was exploiting a browser bug. Commented Aug 7, 2016 at 18:17
  • 15
    @Gothdo It's possible to be malicious without exploiting something. When the snippet feature was first released, there was a user posting snippets that just draw inappropriate things on the screen when you run them. Commented Aug 7, 2016 at 18:23
  • @Gothdo It's possible to do phishing attacks. Commented Aug 9, 2016 at 1:35
  • Wow, what a horrible design decision Commented Nov 12, 2019 at 20:51
  • I feel like this feature should be published somewhere, this is the first I've ever heard of this. I just encountered it in the wild and searched around to check if the "bug" had happened before, turns out it's a feature instead. Commented Feb 19, 2021 at 21:44

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.