GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Rich Felker (dalias@hachyderm.io)'s status on Sunday, 15-Mar-2026 08:46:13 JST Rich Felker Rich Felker
    in reply to
    • Dan Goodin
    • Chuck

    @ChuckMcManis @j0057 @dangoodin Applying the mapping to it is super sus already, and even presence of eval at all is sus. I wouldn't accept a PR with eval without a detailed explanation of why it's not practical without eval.

    In conversation about 10 days ago from hachyderm.io permalink
    • Embed this notice
      Chuck (chuckmcmanis@chaos.social)'s status on Sunday, 15-Mar-2026 08:46:15 JST Chuck Chuck
      • Dan Goodin

      @j0057

      I don't disagree with this, but how about calling eval() on a non-empty and innocuous string? Said string being only one or two regexes away from being not innocuous? How about your web service's json parameter list which when 'touched' by the magic regex has more parameters in it than you thought? People don't sanitize the strings that their own code sends them, and perhaps that is unwise.

      @dalias @dangoodin

      In conversation about 10 days ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.