Pretend that all HTML needs to be escaped and only disable it on a case-by-case basis.
this post was submitted on 10 Jul 2023
108 points (99.1% liked)
Technology
85 readers
1 users here now
Talk about anything tech related!
founded 1 year ago
MODERATORS
And use the Content-Security-Policy header to limit where scripts can load from, just in case you miss escaping HTML somewhere.
How can these issues still exist? Man we really should rethink how the web is build.
No, this shit is embarrassing. Nobody should be hit by Bobby Tables.
Lemmy leadership needs to re-think their priorities. They've entered the big leagues and are still pretending they are in the kid's sandbox.