Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fluffytail.org/objects/8f42f9bc-f6dd-4da1-93d0-d2068dafb357">Phantasm (phnt@fluffytail.org)'s status on Wednesday, 31-Jan-2024 00:48:56 JST</a><a href="https://fluffytail.org/users/phnt" title="phnt@fluffytail.org"><img src="https://gnusocial.jp/avatar/158739-48-20230808204705.webp" width="48" height="48" alt="Phantasm" style="position: absolute; left: 0; top: 0;">Phantasm</a><div><a href="https://seal.cafe/objects/9af87fb5-d04e-45ba-865d-69305a77340f" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/114116" title="kirino@seal.cafe">Kirino Kousaka</a></li><li><a href="https://gnusocial.jp/user/132538" title="rustycrab@clubcyberia.co">Rusty Crab</a></li><li><a href="https://gnusocial.jp/user/220829" title="diurnalfreak666@clubcyberia.co">Zambia</a></li><li><a href="https://gnusocial.jp/user/225329" title="mischievoustomato@rebased.taihou.website">Johnny Peligro</a></li></ul></div></section><article><a href="https://seal.cafe/users/Kirino">@Kirino</a> <a href="https://clubcyberia.co/users/RustyCrab">@RustyCrab</a> <a href="https://clubcyberia.co/users/cassidyclown">@cassidyclown</a> <a href="https://clubcyberia.co/users/diurnalfreak666">@diurnalfreak666</a> <a href="https://rebased.taihou.website/users/mischievoustomato">@mischievoustomato</a><br>&gt; It's apart of the parser which cleans up potential malicious code?<br>Depends on the point of view. It shouldn't interpret what it got from backend as something safe IMO. It should check if the content makes sense and escape what doesn't make sense. If I send you an HTML formatted message with line-height: 1000px, do you expect the frontend to break and display it with that CSS? Probably not. Same goes for the tag, it should check if it tag is supposed to be interpreted or not.</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2655871#notice-5262446">In conversation</a><time datetime="2024-01-31T00:48:56+09:00" title="Wednesday, 31-Jan-2024 00:48:56 JST">Wednesday, 31-Jan-2024 00:48:56 JST</time> <span>from <span><a href="https://fluffytail.org/objects/8f42f9bc-f6dd-4da1-93d0-d2068dafb357" rel="external" title="Sent from fluffytail.org via ActivityPub">fluffytail.org</a></span></span><a href="https://fluffytail.org/objects/8f42f9bc-f6dd-4da1-93d0-d2068dafb357">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 31-Jan-2024 00:48:56 JSTPhantasm
in reply to
@Kirino @RustyCrab @cassidyclown @diurnalfreak666 @mischievoustomato
> It's apart of the parser which cleans up potential malicious code?
Depends on the point of view. It shouldn't interpret what it got from backend as something safe IMO. It should check if the content makes sense and escape what doesn't make sense. If I send you an HTML formatted message with line-height: 1000px, do you expect the frontend to break and display it with that CSS? Probably not. Same goes for the tag, it should check if it tag is supposed to be interpreted or not.
In conversationWednesday, 31-Jan-2024 00:48:56 JST from fluffytail.orgpermalink

Public

Embed Notice

HTML Code

Corresponding Notice