There's an exploit on YT allowing people to post scripts that break the comment system. This breaks a lot of the functionality of pages where such comments can appear (video and channel pages, etc.). If anyone here has a channel, particularly a popular one, it might be a good idea to disable comments until it's fixed.
Anything that encourages Youtube comment disabling is a bonus in my book.
Just looked at Shane Dawson's videos and the comments section on all of them doesn't go past the first five...unfortunately it doesn't fix the worst thing about the page, the video still works fine.
http://www.youtube.com/watch?v=7U9CKtcIwwk
(my friend did this)
Post edited July 04, 2010 by evilguy12
Update: Some of these scripts are now allegedly being used to load shit onto people's computers when they go to the exploiter's channel page in order to block them.
A workaround is to add the exploiter to your contacts by copy-pasting their channel name into a new contact entry, saving it, then blocking the new contact.
Further update: Confirmed cases of people being redirected to malware sites when viewing some videos whose comments have been hit with the scripts. YT now seems to have implemented a blanket "safety mode" that hides comments, though they can still be unhidden. Best bet is still to disable comments, particularly for new/popular videos.
Post edited July 04, 2010 by Drat
Reportedly, it was 4chan wot did it. I know, surprising.
dunno get it...
Can someone post a link to an affected video so I can see it myself?
It now seems to be fixed. The safety mode has been lifted and the offending posts have disappeared.
Whoever caused this I hope he gets hit by an air dropped yellow double decker bus.
This is a pretty major fuckup for a site like YouTube. This is the kind of vulnerability that was quite common to see back in the mid 90s, but you'd think people would have learned by now to properly sanitize any inputs on their websites.
I was wondering why there was a "safety mode" on YouTube this morning. At least it's fixed now.
They prevent links being posted but don't otherwise sanitise the comment system? Really? This is a grave oversight.
Arkose: They prevent links being posted but don't otherwise sanitise the comment system? Really? This is a grave oversight.

From what I read it wasn't quite as simple as that. Rather, they did have measures in place to sanitize entries, but if an entry was prefixed with <script> then while <script> would be removed everything following it would then not be sanitized. So not quite as bad as just not sanitizing entries at all, but still a major fuckup.
Turns out what they've done is prevent the word "script" from appearing in comments. So now the inevitable "Read the description" becomes "Read the deion."
Post edited July 06, 2010 by Drat
So, this has definitely been fixed? No more malicious scripts being run? Completely safe?
It's all fixed. So no more nasty shit. As I said, it's just that the word script won't appear.
eg.
"description" becomes "deion".
"prescription" becomes "preion".
"script" becomes "".
Post edited July 07, 2010 by Drat
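
The sanitizer behaviour discussed in this thread (a leading <script> being removed while the rest of the comment goes unescaped, and the later deletion of the word "script"), shown next to plain output encoding. This is an added example that is not part of any post and is not YouTube's code; the function names and sample comments are constructed, and the flaw is modelled only from the description given above.

```javascript
// Added illustration: models the behaviour described in the thread.
// Function names are hypothetical; this is not YouTube's code.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Flaw as described: a leading "<script>" is removed, and that code path
// returns without escaping the remainder of the comment.
function flawedSanitize(comment) {
  const prefix = "<script>";
  if (comment.startsWith(prefix)) {
    return comment.slice(prefix.length); // BUG: remainder is emitted unescaped
  }
  return escapeHtml(comment);
}

// Stopgap as reported: delete the word "script" wherever it occurs.
function wordStripFilter(comment) {
  return comment.replace(/script/gi, "");
}

// Hardened form: never delete or special-case input; encode all of it on output.
function safeRender(comment) {
  return escapeHtml(comment);
}

// Constructed sample comments (harmless markup only).
const SAMPLES = ["<script><b>hello</b>", "<b>hello</b>", "Read the description"];

// Run every sample through all three functions for side-by-side comparison.
function compare(samples) {
  return samples.map((input) => ({
    input,
    flawed: flawedSanitize(input),
    wordStrip: wordStripFilter(input),
    safe: safeRender(input),
  }));
}

console.table(compare(SAMPLES));
```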