Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://breastmilk.club/objects/65da972f-25e4-472e-9389-55e7296362f1">rees (rees@breastmilk.club)'s status on Tuesday, 05-Sep-2023 15:29:28 JST</a><a href="https://breastmilk.club/users/rees" title="rees@breastmilk.club"><img src="https://gnusocial.jp/avatar/117129-48-20240128120348.webp" width="48" height="48" alt="rees" style="position: absolute; left: 0; top: 0;">rees</a><div><a href="https://iddqd.social/objects/0725306c-71d4-470a-9100-05cb28b88a04" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/1298" title="neetzsche@iddqd.social">NEETzsche</a></li><li><a href="https://gnusocial.jp/user/1712" title="alex@gleasonator.com">Alex Gleason</a></li><li><a href="https://gnusocial.jp/user/143522" title="malakai@the.usualsuspects.lol">The Usual Suspect</a></li></ul></div></section><article><a href="https://iddqd.social/users/NEETzsche">@NEETzsche</a> <a href="https://gleasonator.com/users/alex">@alex</a> <a href="https://ryona.agency/users/mint">@mint</a> <a href="https://the.usualsuspects.lol/users/malakai">@malakai</a> this is actually why you don't ever want to use blacklists for XSS sanitization because people will just find a way around it. the XSS cat and mouse chase has been going on for decades. the right way to do it is just whitelist and be done with it. same thing goes for fedi, just defed and be done with the problem.</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2025405#notice-3975284">In conversation</a><time datetime="2023-09-05T15:29:28+09:00" title="Tuesday, 05-Sep-2023 15:29:28 JST">Tuesday, 05-Sep-2023 15:29:28 JST</time> <span>from <span><a href="https://breastmilk.club/objects/65da972f-25e4-472e-9389-55e7296362f1" rel="external" title="Sent from breastmilk.club via ActivityPub">breastmilk.club</a></span></span><a href="https://breastmilk.club/objects/65da972f-25e4-472e-9389-55e7296362f1">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
rees (rees@breastmilk.club)'s status on Tuesday, 05-Sep-2023 15:29:28 JSTrees
in reply to
@NEETzsche @alex @mint @malakai this is actually why you don't ever want to use blacklists for XSS sanitization because people will just find a way around it. the XSS cat and mouse chase has been going on for decades. the right way to do it is just whitelist and be done with it. same thing goes for fedi, just defed and be done with the problem.
In conversationTuesday, 05-Sep-2023 15:29:28 JST from breastmilk.clubpermalink

Public

Embed Notice

HTML Code

Corresponding Notice