11·
1 year agoFrom the fix, I believe the custom emojis were not double checked after a user submits a post. The post data was used to display the emojis, and thus allowing injection.
The fix now is to search the emojis in the custom emojis list from the backend rather than the user post.
You can even see the decline in posts and votes before GPT became mainstream. This definitely look more like search engine failing to get rid of those cheap copycats.