GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Kirino Kousaka (kirino@seal.cafe)'s status on Wednesday, 31-Jan-2024 00:34:13 JST
    • cassidyclown
    • Rusty Crab
    • Zambia
    • Johnny Peligro

    P wrote into his instance to send posts wrapped in an inline tag. I believe Soapbox would reject the content but accept the post.

    Not entirely sure on the issue itself, but the result was any post from FSE would appear blank to any Soapbox users.

    Alex refused to fix it as it wasn't an issue with Soapbox (as it was working as intended), but was instead a case of someone purposefully breaking their own instance.

    In conversation Wednesday, 31-Jan-2024 00:34:13 JST from seal.cafe permalink
    • cassidyclown (cassidyclown@clubcyberia.co)'s status on Wednesday, 31-Jan-2024 00:48:47 JST
      in reply to
      • Rusty Crab
      • Phantasm
      • Zambia
      • Johnny Peligro
      @Kirino @RustyCrab @diurnalfreak666 @phnt @mischievoustomato I wasn't involved at all, it was entirely @mint's fault (secret fse puppetmaster)
      In conversation Wednesday, 31-Jan-2024 00:48:47 JST permalink
    • Kirino Kousaka (kirino@seal.cafe)'s status on Wednesday, 31-Jan-2024 00:48:53 JST
      in reply to
      • cassidyclown
      • Rusty Crab
      • Phantasm
      • Zambia
      • Johnny Peligro

      Which is sort of my point. It went against the accepted way all major AP software formatted shit. It was a non-issue which became an issue just to intentionally make an issue.

      Either way, we can all agree it was extremely funny from all sides and am happy that me, @cassidyclown and @mint inadvertently caused it. :D

      In conversation Wednesday, 31-Jan-2024 00:48:53 JST permalink
    • Johnny Peligro (mischievoustomato@rebased.taihou.website)'s status on Wednesday, 31-Jan-2024 00:48:54 JST
      in reply to
      • cassidyclown
      • Rusty Crab
      • Phantasm
      • Zambia
      the thing is that nothing used the inline thing b4 p did that
      In conversation Wednesday, 31-Jan-2024 00:48:54 JST permalink
    • Kirino Kousaka (kirino@seal.cafe)'s status on Wednesday, 31-Jan-2024 00:48:55 JST
      in reply to
      • cassidyclown
      • Rusty Crab
      • Phantasm
      • Zambia
      • Johnny Peligro

      Yeah, I guess the argument is "should it ignore entirely or fix the potentially unsafe part"

      For me I'd personally just fix the unsafe part, but I can understand the logic for not wanting to do that and taking a potentially "safer" route.

      Hopefully I understood your point.

      In conversation Wednesday, 31-Jan-2024 00:48:55 JST permalink
    • Phantasm (phnt@fluffytail.org)'s status on Wednesday, 31-Jan-2024 00:48:56 JST
      in reply to
      • cassidyclown
      • Rusty Crab
      • Zambia
      • Johnny Peligro
      @Kirino @RustyCrab @cassidyclown @diurnalfreak666 @mischievoustomato
      > It's a part of the parser which cleans up potential malicious code?
      Depends on the point of view. It shouldn't interpret what it got from the backend as something safe IMO. It should check if the content makes sense and escape what doesn't make sense. If I send you an HTML formatted message with line-height: 1000px, do you expect the frontend to break and display it with that CSS? Probably not. Same goes for the tag, it should check if the tag is supposed to be interpreted or not.
      In conversation Wednesday, 31-Jan-2024 00:48:56 JST permalink
    • Phantasm (phnt@fluffytail.org)'s status on Wednesday, 31-Jan-2024 00:48:57 JST
      in reply to
      • cassidyclown
      • Rusty Crab
      • Zambia
      • Johnny Peligro

      @Kirino @RustyCrab @cassidyclown @diurnalfreak666 @mischievoustomato

      > Alex refused to fix it as it wasn't an issue with Soapbox (as it was working as intended), but was instead a case of someone purposefully breaking their own instance.

      Improperly handling compatibility CSS classes was/is a Soapbox bug. What essentially happened is that Pete wrote an MRF that wrapped all posts in <span class=something>#{message}</span> and forgot about it until he restarted the instance.

      In conversation Wednesday, 31-Jan-2024 00:48:57 JST permalink
    • Kirino Kousaka (kirino@seal.cafe)'s status on Wednesday, 31-Jan-2024 00:48:57 JST
      in reply to
      • cassidyclown
      • Rusty Crab
      • Phantasm
      • Zambia
      • Johnny Peligro

      As I said, my memory is vague on it, but isn't that how it's meant to work? It's a part of the parser which cleans up potential malicious code?

      Then again, I might be making shit up right now. All I know is a guy made his instance purposefully not display posts as some gay power play to try and force another software to work how he thinks it should work.

      I am also very biased as I used to deal with this shit a lot. If one of my clients broke how their database worked, was informed beforehand it would break it, and then asked us to fix it, then we would flatly refuse.

      In conversation Wednesday, 31-Jan-2024 00:48:57 JST permalink
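
The two policies argued over in this thread, blanking the whole body on unexpected markup versus stripping only what an allowlist rejects, shown side by side as an added example. It is not part of any post here and is not Soapbox or Pleroma code; the allowlists, class names, `Sanitizer` class and `sanitize` helper are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for this example; not Soapbox's or Pleroma's real policy.
ALLOWED = {"p": set(), "br": set(), "span": {"class"}}
ALLOWED_CLASSES = {"mention", "hashtag", "invisible", "ellipsis"}
# Constructed input modelled on the wrapper and CSS mentioned in the thread.
WRAPPED = '<span class=something><p style="line-height: 1000px">hello</p></span>'

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.violations, self.stack, self.skip = [], [], [], False

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.violations.append(f"tag:{tag}")
            self.skip = tag in ("script", "style")  # never render their text
            return  # drop the tag; ordinary text inside it is still kept
        classes = []
        for name, value in attrs:
            if name == "class" and "class" in ALLOWED[tag]:
                classes = [c for c in (value or "").split() if c in ALLOWED_CLASSES]
                if classes != (value or "").split():
                    self.violations.append(f"class:{value}")
            else:
                self.violations.append(f"attr:{tag}.{name}")
        attr = f' class="{" ".join(classes)}"' if classes else ""
        self.out.append(f"<{tag}{attr}>")
        if tag != "br":
            self.stack.append(tag)

    def handle_endtag(self, tag):
        self.skip = False
        if tag in self.stack:  # close unclosed children, then the tag itself
            cut = len(self.stack) - 1 - self.stack[::-1].index(tag)
            self.out += [f"</{t}>" for t in reversed(self.stack[cut:])]
            del self.stack[cut:]

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize(markup, strict=False):  # strict=True blanks the body on any violation
    parser = Sanitizer()
    parser.feed(markup)
    parser.close()
    parser.out += [f"</{t}>" for t in reversed(parser.stack)]
    return ("" if strict and parser.violations else "".join(parser.out)), parser.violations
```

With `strict=True` the constructed `WRAPPED` post comes back empty, which is the blank-post outcome described above; the default mode keeps the text, drops the unknown class and the `style` attribute, and reports both in the violations list.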

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.