Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://metalhead.club/users/mariusor/statuses/115238494921217275">marius (mariusor@metalhead.club)'s status on Sunday, 21-Sep-2025 21:49:44 JST</a><a href="https://metalhead.club/@mariusor" title="mariusor@metalhead.club"><img src="https://gnusocial.jp/avatar/7165-48-20251129232945.webp" width="48" height="48" alt="marius" style="position: absolute; left: 0; top: 0;">marius</a><div><a href="https://mitra.social/objects/01996876-53eb-5ad7-931f-096be4c0f5eb" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/85321" title="silverpill@mitra.social">silverpill</a></li></ul></div></section><article><p><a href="https://mitra.social/users/silverpill">@silverpill</a> do you mean that the "malicious" attachment is not a facsimile of an actual note produced by that actor, but a forgery? </p><p>In these cases, I'll agree with <br><a href="https://mastodon.social/@grishka">@grishka</a> that some validation based on the ID should be necessary. </p><p>For embedded object attachments on the other hand (like mastodon produces), probably the validation needs to check that attributedTo corresponds to the one of the parent object or missing. </p><p>Interesting corner case.</p><p><a href="https://activitypub.space/category/5/technical-discussion">@technical-discussion</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5658166#notice-11119916">In conversation</a><time datetime="2025-09-21T21:49:44+09:00" title="Sunday, 21-Sep-2025 21:49:44 JST">about 3 months ago</time> <span>from <span><a href="https://metalhead.club/@mariusor/115238494921217275" rel="external" title="Sent from metalhead.club via ActivityPub">metalhead.club</a></span></span><a href="https://metalhead.club/@mariusor/115238494921217275">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
marius (mariusor@metalhead.club)'s status on Sunday, 21-Sep-2025 21:49:44 JSTmarius
in reply to
- Gregory
- silverpill
@silverpill do you mean that the "malicious" attachment is not a facsimile of an actual note produced by that actor, but a forgery?
In these cases, I'll agree with
@grishka that some validation based on the ID should be necessary.
For embedded object attachments on the other hand (like mastodon produces), probably the validation needs to check that attributedTo corresponds to the one of the parent object or missing.
Interesting corner case.
@technical-discussion
In conversationabout 3 months ago from metalhead.clubpermalink

Public

Embed Notice

HTML Code

Corresponding Notice