Multiple lemmy instances are getting hit with a js injection
wetnoodle@sh.itjust.works to Fediverse@kbin.social · 1 year ago · 22 comments
IHeartBadCode@kbin.social · 1 year ago
Issue 1895 opened and patch proposed for the core issue. The markdown editor does no escaping of input on custom emojis. This is likely why users on app were seeing text and not getting the redirect.
HarkMahlberg@kbin.social · 1 year ago
“And I hope you learned to sanitize your database inputs.” (Man this one is old.)
🙃
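The failure mode IHeartBadCode's comment describes (custom emoji fields reaching the rendered HTML without escaping), shown beside a hardened renderer. This is an added example, not part of the thread and not Lemmy's code; the field names `shortcode`, `imageUrl`, `altText` and both render functions are assumptions made for illustration.

```javascript
// Added example. Field names and functions are hypothetical, not Lemmy's schema or code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only http(s) image URLs; javascript:, data: and malformed values are rejected.
function safeImageUrl(raw) {
  try {
    const url = new URL(raw);
    return url.protocol === "https:" || url.protocol === "http:" ? url.href : null;
  } catch {
    return null;
  }
}

// Unescaped: user-controlled fields are interpolated straight into markup,
// so a double quote in any field ends the attribute and starts a new one.
function renderEmojiUnsafe(emoji) {
  return `<img class="emoji" src="${emoji.imageUrl}" alt="${emoji.altText}" title="${emoji.shortcode}">`;
}

// Hardened: validate the URL scheme, escape every field at the point of output,
// and fall back to the escaped :shortcode: text when the URL is not acceptable.
function renderEmojiSafe(emoji) {
  const src = safeImageUrl(emoji.imageUrl);
  if (src === null) return escapeHtml(`:${emoji.shortcode}:`);
  return `<img class="emoji" src="${escapeHtml(src)}" alt="${escapeHtml(emoji.altText)}" ` +
         `title="${escapeHtml(emoji.shortcode)}">`;
}

// Constructed sample input: the alt text carries a quote that breaks out of the attribute.
const constructedEmoji = {
  shortcode: "party",
  imageUrl: "https://example.invalid/party.png",
  altText: 'party" onload="alert(1)',
};

console.log("unescaped:", renderEmojiUnsafe(constructedEmoji));
console.log("hardened: ", renderEmojiSafe(constructedEmoji));
```

Escaping at output time is what closes the hole here; a Content-Security-Policy that disallows inline event handlers limits the damage if another unescaped sink is missed.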