Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fluffytail.org/objects/8b6a22e7-e987-438a-9a8d-0b511c9626e2">Phantasm (phnt@fluffytail.org)'s status on Wednesday, 27-Nov-2024 08:52:40 JST</a><a href="https://fluffytail.org/users/phnt" title="phnt@fluffytail.org"><img src="https://gnusocial.jp/avatar/158739-48-20230808204705.webp" width="48" height="48" alt="Phantasm" style="position: absolute; left: 0; top: 0;">Phantasm</a><div><a href="https://fsebugoutzone.org/objects/97912547-061d-4bec-9ef7-abd0ea83ed9f" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/161943" title="zergling_man@sacred.harpy.faith">Zergling_man</a></li><li><a href="https://gnusocial.jp/user/256996" title="p@fsebugoutzone.org">pistolero</a></li><li><a href="https://gnusocial.jp/user/263918" title="j@cawfee.club">Niggy Hardare</a></li></ul></div></section><article><a href="https://fsebugoutzone.org/users/p">@p</a> <a href="https://cawfee.club/users/J">@J</a> <a href="https://mostr.pub/users/f5b55f6b44b8997b2b6e8469a6a57f8d3f3b2ef27023543445c40ecec485ee64">@f5b55f6b44b8997b2b6e8469a6a57f8d3f3b2ef27023543445c40ecec485ee64</a> <a href="https://postnstuffds.lol/users/NonPlayableClown">@NonPlayableClown</a> <a href="https://sacred.harpy.faith/users/Zergling_man">@Zergling_man</a> <br><br>&gt;Probably worth noting that he shat on Pleroma for this:<br>He also made a thread claiming Pleroma FE was vulnerable to XSS when the purpose built parser misparsed URL encoded utf-8 characters. If I remember I was able to reproduce it, but I wasn't able to turn it into something usable that would break the FE or inject code.</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4075504#notice-7967225">In conversation</a><time datetime="2024-11-27T08:52:40+09:00" title="Wednesday, 27-Nov-2024 08:52:40 JST">about 2 months ago</time> <span>from <span><a href="https://fluffytail.org/objects/8b6a22e7-e987-438a-9a8d-0b511c9626e2" rel="external" title="Sent from fluffytail.org via ActivityPub">fluffytail.org</a></span></span><a href="https://fluffytail.org/objects/8b6a22e7-e987-438a-9a8d-0b511c9626e2">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 27-Nov-2024 08:52:40 JSTPhantasm
in reply to
@p @J @f5b55f6b44b8997b2b6e8469a6a57f8d3f3b2ef27023543445c40ecec485ee64 @NonPlayableClown @Zergling_man

>Probably worth noting that he shat on Pleroma for this:
He also made a thread claiming Pleroma FE was vulnerable to XSS when the purpose built parser misparsed URL encoded utf-8 characters. If I remember I was able to reproduce it, but I wasn't able to turn it into something usable that would break the FE or inject code.
In conversationabout 2 months ago from fluffytail.orgpermalink

Public

Embed Notice

HTML Code

Corresponding Notice