Attempting to create a post with a title of "0! = 1" causes lemmy to stall, with the create post button remaining as a little spinning circle and no error messages.
This is not ideal?
this post was submitted on 17 Aug 2023
46 points (97.9% liked)
Lemmy Support
4720 readers
1 users here now
Support / questions about Lemmy.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
There is no such things as unsafe text or unsafe characters. Only incorrect and insecure encoding practices. There's no valid security reason why something like
0 != 1(or for that matter'); drop table posts; --) should not be allowed as a post title unless the developers are just too lazy or clueless to use parameterized SQL queries and correctly escape the title when including it in an HTML template.