The New Forum with The Old Glitches [Solved]

Now it is my turn, and the new forum was rolled out for me. I am not going to talk about its' new glitches (maybe later). This post is about one of the old bugs.

In January 2016, I found a problem like this: if someone adds a text string with a certain sequence of characters (it is not difficult) into his own post or as a comment to a post of someone else, this post becomes to be inaccessible to everyone including administrators and moderators. So, anyone can damage any post in the forum including the sticky posts if this person is able to leave a comment there.

I immediately reported the problem and got this:

Duolingo Team
Reference code: 545133
Subject: Bug: the string of death

And.. there was no reaction at all, although the problem was still here. A few months later I wrote a post in the forum (without mentioning the string itself), and my post was removed. A little bit later I wrote into the Activity stream of one of moderators, and then I got an answer that this problem is known and I should not worry. And... you got it right! My message was removed again. Last year the first forum update was rolled out, that one, which was very glitchy. Now guess, has the bug been fixed? No! I wasn't too lazy to write about this in the announcement and they answered me:

From here:

It took another eight months, and today I got the next, current version of the forum. I am checking access to the special post ... Have you already guessed? But I will write it anyway:

[HTTP/2.0 500 Internal Server Error]

This one is more interesting, in the past the server was not so talkative:

Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/flask/", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python2.7/site-packages/flask/", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python2.7/site-packages/flask_cors/", line 161, in wrapped_function
return cors_after_request(app.make_response(f(args, kwargs)))
File "/usr/local/lib/python2.7/site-packages/flask/", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python2.7/site-packages/flask/", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python2.7/site-packages/flask/", line 1799, in dispatch_request
return self.view_functionsrule.endpoint
File "/usr/local/lib/python2.7/site-packages/duolingo_base/view/", line 334, in decorated
return func(*args,
File "./monolith/common/models/", line 26, in wrapped
result = fn(
args, kwds)
File "./forum/view/", line 54, in web_get_comment
return json.jsonify(show_comment(request))
File "./forum/view/", line 135, in show_comment
discussion, user_id, language=comment.topic.from_language
File "./forum/lib/", line 59, in init
self.marked_down_messages = bulk_markdown_to_html(id_to_message)
File "./forum/lib/", line 27, in bulk_markdown_to_html
htmls[i] = markdown_to_sanitized_html(id_to_text[comment_id])
File "./monolith/common/util/", line 614, in markdown_to_sanitized_html
File "/usr/local/lib/python2.7/site-packages/markdown/", line 494, in markdown
return md.convert(text)
File "/usr/local/lib/python2.7/site-packages/markdown/", line 380, in convert
output = self.serializer(root)
File "/usr/local/lib/python2.7/site-packages/markdown/", line 282, in to_xhtml_string
return _write_html(ElementTree(element).getroot(), format="xhtml")
File "/usr/local/lib/python2.7/site-packages/markdown/", line 202, in _write_html
qnames, namespaces = _namespaces(root, default_namespace)
File "/usr/local/lib/python2.7/site-packages/markdown/", line 268, in _namespaces
File "/usr/local/lib/python2.7/site-packages/markdown/", line 228, in add_qname
uri, tag = qname[1:].split("}", 1)
ValueError: need more than 1 value to unpack

I am tired of this stupid policy of hushing up problems. In my personal opinion, nothing good will come out of it. That is why I decided to write this post. I haven't publish the string for obvious reasons. Duolingo's employees can easily find it in my report #545133. I hope this was my last attempt to highlight this problem. The string is not that complicated, it can be obtained at random, especially since there are innumerable numbers of variants of how this string can be written.

I still hope the issue will be solved.

P.S. Before you remove this post, please explain me the reason.

P.P.S. After 15 hours I received confirmation that the problem was solved!

June 28, 2018


Sorted by top post

Hi FieryCat,

Thank you for reporting the bug. We have just made a fix to the forum so that the special sequence of string doesn't break our program.

June 28, 2018

I just checked that and I am confirming: after two and a half years the problem is finally solved. Thank you.

June 28, 2018

I sympathise with you and understand your chagrin. You have spent two and a half years keeping an eye on this thing and reporting it diligently for the good of everyone here and been persistently fobbed off with non-answers by admin. Thanks for your efforts, but no thanks to DL for not dealing with it sooner

June 29, 2018

Does this fix the hidden comments that sometimes magically reappear (if only for a little while) when someone else makes a post?

I have encountered those on several occasions and it has also been done to a few of my own comments.

EDIT: Here is an example:

June 28, 2018

No, it doesn't.

June 28, 2018

This one (#1041530) is even more dangerous for users. I just reported it. This bug is in the new forum, in the same module.

June 28, 2018

Oh, thanks for another one! We've just pushed a fix on this one too. We really appreciate it!

June 30, 2018

Браво, мой друг! Ты прав! Они не должны игнорировать такие проблемы. Это плохо отражается на компании. Спасибо тебе за этот пост. Mожет быть, теперь они будут уделять больше внимания ...)

June 28, 2018

Спасибо за поддержку. По результатам сегодняшнего дня я теперь знаю каким именно образом следует оформлять отчеты о критических ошибках, чтобы на них оперативно реагировали :)

June 28, 2018

By the way, since the problem is solved, I decided to share that special sequence of chars. Here is it: {@{@x=x}x=x}. Instead of x, you could use any letter or several letters.

June 28, 2018

That doesn't seem like something someone would type on accident.

June 28, 2018

Have you seen this:

...especially since there are innumerable numbers of variants of how this string can be written.

Does that string remind you nothing? I got that string almost by accident. Hint: the markdown attributes.

June 28, 2018

Like I said, in what situation(s) on the Duolingo forum would you need to type {@{ followed by the other stuff? AFAIK that wouldn't correspond to any Markdown or special HTML code like [color=HEX].

June 28, 2018

Registered: 1 year ago

Hmm. You did not catch the times of communism on duolingo, when everyone could use ANY attributes of HTML by using curly brackets in his comments and posts. I'm too lazy to explain this, sorry.

June 28, 2018

Oh goodness. Even script tags worked? Now I'm wondering if any old comments had viruses or crash scripts on them...

By the way, I think you meant "anarchy."

June 28, 2018

Oh goodness. Even script tags worked?

Yes, they did.

Now I'm wondering if any old comments had viruses or crash scripts on them...

I have stored this message for history:

You can see the result in that post.

June 28, 2018

What kind of code is being shown above? Recently I've started learning programming and I'm curious to know what's going on up there.

June 28, 2018

That is the debugging information with file names and locations, line numbers and so on. Python is used there as a programming language.

June 28, 2018

Thank you very much!

June 28, 2018

Hi FieryCat,

I had plans to write to you why not use this thread immediately.

Thanks for your tips e.g for the "whitelist workaround" in another thread you came across my complaining comment, and how to use it not only for my PT-EN course but also with the new (BETA?) forum for my forward EN-PT course, where the console command was already ignored on the URL.

Your feedback was greatly appreciated!

You would be one of those users and programmers who deserved a big "Insider" circle! :-)

Your tip helped me so much to test out again many of my skills in June of my updated EN-PT tree which were completely corrupted in my extended user profile (because of old lesson variables "lessons_missing", "num_missing" (lexemes), "next_lesson" had been RESET); see my added comment:

Now my EN-PT progress page looks much better again :-)


The old Python 2016 frontend UI code additionally showed:

  • alternative valid answer in a white textbox at the bottom (the DEFAULT best solution shown from the sentence discussion where another answer was accepted or suggested in red because of errors)

  • question difficulty x/10 ratings (I honestly have never seen this before in 2017+2018) when specifc lessons 1-10 were started (this was not working with a test out)....but both functionality was removed with the Scala 2017 UI frontend or 2018 "Crown overlay" code.

Maybe we can read the question difficulty ratings (from the lessons) by a new user script and make it visible again in the 2018 "Crown Overlay"?

Finally I have been migrated to the new forum not only for my courses from base language English, but also for PT-DE/PT-EN (from Portuguese).

So either more BETA testing....or this is the final rollout to all users (like you say in your post you have finally been migrated too)?!?

However I just noticed, that the "whitelist workaround" does not work anymore from the "add courses" page for any base language!
Have you already noticed it?
I was trying to help several users to fix their SHOF progress page because of 1-3 corrupted (resetted) skills.

So indeed, staff can patch code if they feel any desire ;)

  • Like your crown A/B opt-in rollback code
  • whitelist workaround

Thanks again for your long-term community support!

Viele Grüße aus Deutschland

June 28, 2018

Hi ,Thomas!
I'm glad that my advice is useful for you and other users. Often this is a result of my infrequent investigations of duolingo.

alternative valid answer in a white textbox at the bottom (the DEFAULT best solution shown from the sentence discussion where another answer was accepted or suggested in red because of errors)

I lack this functionality too. I even wanted to write a script that returns this. But currently I do not have spare time for that. Maybe later.

However I just noticed, that the "whitelist workaround" does not work anymore from the "add courses" page for any base language! Have you already noticed it?

Yes, I have noticed it. They finally removed the old code from most places of the site.

Thanks again for your long-term community support!

You are welcome. And many thanks to you: your comments are also very interesting and useful.

June 28, 2018

This glitch has been here for months, but here it is:

See a post? Want to know how many comments/upvotes it has? Well you can't find out without going into the post itself. Because the comment amount is never the same. Only when you actually go into the post and it says the amount of comments can you find the right amount. The one on the forum page is wrong. Almost always.

This has been happening probably since last fall. Not sure when it started.

June 28, 2018

Not sure when it started.

After this: See the comments there.

June 28, 2018

Alternative answer solutions

  • This thread was created 10 months ago and answered by Nueby the Czech moderator and contributor:

"Show alternative correct translations button":

  • This thread about the same subject has already 119 up-votes (created two weeks ago):


July 30, 2018
Learn a language in just 5 minutes a day. For free.