This is not ideal?
If inputs are not being sanitized properly, it's a huge security risk
This is not ideal?
If inputs are not being sanitized properly, it's a huge security risk
Time for little Bobby Tables to join Lemmy.
Reference: xkcd: Exploits of a Mom
Her daughter is named Help I'm trapped in a driver's license factory.
There is no such things as unsafe text or unsafe characters. Only incorrect and insecure encoding practices. There's no valid security reason why something like 0 != 1
(or for that matter '); drop table posts; --
) should not be allowed as a post title unless the developers are just too lazy or clueless to use parameterized SQL queries and correctly escape the title when including it in an HTML template.
This is what I was worried about but I know just about nothing about lemmy/databases/etc
i'm curious about alternate front-end / API clients....
invalid_post_title error on Memmy on iOS. Seems the error isn’t being handled properly on the web interface. Why it’s an invalid title is the real mystery I suppose.
lemmy-ui is still pretty bad about presenting spinning graphics when encountering an error. As for why the title isn't rejected, maybe it's too short, I don't know the length minimum.
I think you’re on to something. I think the title doesn’t have enough characters in it of the right sort. These three post titles were rejected:
R
=
==
I was able to make a post titled “===“.
The only conclusion that can be drawn is lemmy is discriminatory against math. Disgusting.
Oh! Good point.
I was posting this on Firefox on my desktop computer. It’s just the regular website, no front ends. I do have uMatrix but it’s disabled for lemmy (I can’t figure out how to make it work right with lemmy)
Maybe this has something to do with Blahaj? This stuff is real complicated.
Lemmy not handling errors is just another Thursday...
I get an error in Sync.
Support / questions about Lemmy.