this post was submitted on 27 Oct 2023
11 points (92.3% liked)

Lemmy Support

4651 readers
15 users here now

Support / questions about Lemmy.

Matrix Space: #lemmy-space

founded 5 years ago
MODERATORS
dessalines@lemmy.ml
11
[bug] Code blocks sabotaged when the code is HTML — data lost (links.hackliberty.org)
submitted 1 year ago* (last edited 1 year ago) by soloActivist@links.hackliberty.org to c/lemmy_support@lemmy.ml
4 comments fedilink hide all child comments
 

After submitting an HTML sample in this post, #Lemmy gutted the content silently and destructively without telling me. The original text is totally lost and not recoverable. I only noticed because more than half the code was discarded.

This is terrible. It’s perhaps understandable that raw HTML might have security issues if it appears as-is, so of course the angle brackets should be automatically encoded as literals by the submission processing modules. The status quo is obviously a #LemmyBug because authors are not even warned about the destruction and given a chance to preserve their work. It just gets trashed.

you are viewing a single comment's thread
view the rest of the comments
[–] soloActivist@links.hackliberty.org 2 points 1 year ago (1 children)

Indeed. And it’s a needlessly destructive form of sanitization. That is, sanitizing properly normally means replacing the special characters with an encoding to ensure literals render.

[–] peter@feddit.uk 4 points 1 year ago (1 children)

Ever since they had the xss problem they've basically nuked any html elements in any scenario

[–] bjoern_tantau@swg-empire.de 2 points 1 year ago

It's like watching php devs in the early 2000s.