Attempting to create a post with a title of "0! = 1" causes lemmy to stall, with the create post button remaining as a little spinning circle and no error messages.

This is not ideal?

[-] tiredofsametab@kbin.social 29 points 2 years ago

This is not ideal?

If inputs are not being sanitized properly, it's a huge security risk.

[-] Deceptichum@kbin.social 20 points 2 years ago

Time for little Bobby Tables to join Lemmy.

[-] Crul@lemm.ee 13 points 2 years ago

Reference: xkcd: Exploits of a Mom

Her daughter is named Help I'm trapped in a driver's license factory.

[-] TootSweet@lemmy.world 14 points 2 years ago* (last edited 2 years ago)

There is no such thing as unsafe text or unsafe characters. Only incorrect and insecure encoding practices. There's no valid security reason why something like 0 != 1 (or for that matter '); drop table posts; --) should not be allowed as a post title unless the developers are just too lazy or clueless to use parameterized SQL queries and correctly escape the title when including it in an HTML template.
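
Added example (not part of the thread and not Lemmy's code): the two practices named in the comment above, a parameterized query and escaping on output, shown beside string-built SQL. It uses Python's sqlite3 and html modules as a stand-in; the posts schema, the function names and the third title are assumptions made for illustration.

```python
import html
import sqlite3

# First two titles come from the thread; the third is constructed for the HTML case.
TITLES = ["0! = 1", "'); drop table posts; --", "<b>1 < 2 & 3</b>"]

def new_db():
    """In-memory stand-in for a posts table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT NOT NULL)")
    return conn

def insert_unsafe(conn, title):
    """Insecure encoding: the title is pasted into the SQL text itself."""
    conn.executescript("INSERT INTO posts (title) VALUES ('%s');" % title)

def insert_safe(conn, title):
    """Parameterized query: the title travels as data, never as SQL."""
    conn.execute("INSERT INTO posts (title) VALUES (?)", (title,))

def render(title):
    """Escape at output time, for the HTML context the title lands in."""
    return "<h1>" + html.escape(title, quote=True) + "</h1>"

def table_exists(conn):
    """True while the posts table is still present in the schema."""
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='posts'"
    ).fetchone()
    return row[0] == 1

def demo():
    """Store every title safely, then feed one title to the string-built query."""
    safe = new_db()
    for t in TITLES:
        insert_safe(safe, t)
    stored = [r[0] for r in safe.execute("SELECT title FROM posts ORDER BY id")]

    unsafe = new_db()
    insert_unsafe(unsafe, TITLES[1])  # the quote ends the literal early
    return stored, table_exists(safe), table_exists(unsafe)

if __name__ == "__main__":
    stored, safe_ok, unsafe_ok = demo()
    print(stored, safe_ok, unsafe_ok)
    print([render(t) for t in stored])
```

With the parameterized insert all three titles are stored byte for byte and the table survives; only the string-built query loses it, and no title had to be rejected or altered on input.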

[-] urist@lemmy.blahaj.zone 5 points 2 years ago

This is what I was worried about, but I know just about nothing about lemmy/databases/etc.

this post was submitted on 17 Aug 2023
46 points (97.9% liked)

Lemmy Support

Support / questions about Lemmy.
