Hacker Poesy

Conversation:

Notices

  1. MMN-o ✅⃠ (mmn)'s status on Thursday, 01-Sep-2016 17:45:18 EDT
    • Hannes
    @hannes2peer Reasonably source shouldn't be html at all! So just escaping it on output is good enough I think.
    Thursday, 01-Sep-2016 17:45:18 EDT from social.umeahackerspace.se permalink
    • MMN-o ✅⃠ (mmn)'s status on Thursday, 01-Sep-2016 18:21:36 EDT
      • Hannes
      • maiyannah
      @hannes2peer @maiyannah I've been looking at it now and I'm curious where someone can put their own URL in there in a way that will be output to !qvitter since it's only HTML if Notice->getSource returns a Notice_source object, which should be under server control and not affected by user input.
      Thursday, 01-Sep-2016 18:21:36 EDT permalink
    • MMN-o ✅⃠ (mmn)'s status on Thursday, 01-Sep-2016 18:43:55 EDT
      • Hannes
      • maiyannah
      @hannes2peer @maiyannah Ah no alright, I didn't read the whole getSource function: http://status.hackerposse.com/url/11840 That thing means API clients can choose their own source names (which is a good thing) and match against OAuth applications (matching up so the name gets linked). It's when the HTML in !GNUsocial gets built that nasty stuff gets in. I have now redac…
      Thursday, 01-Sep-2016 18:43:55 EDT permalink

      Attachments

      1. mmn-20160901-ostatus-ssf8.html
    • MMN-o ✅⃠ (mmn)'s status on Thursday, 01-Sep-2016 19:10:28 EDT
      • Hannes
      • Christmas Personified as a Catgirl
      • maiyannah
      @hannes2peer @maiyannah @moonman what I did (mostly the second link):
      https://git.gnu.io/gnu/gnu-social/commit/15ab9ff9e3303255ff14166ee86ffdf3bc4f52ce
      https://git.gnu.io/gnu/gnu-social/commit/a7043bf7cc6956abd344149332290564eda5d1f4
      Thursday, 01-Sep-2016 19:10:28 EDT permalink
    • MMN-o ✅⃠ (mmn)'s status on Friday, 02-Sep-2016 04:47:44 EDT
      • Rymmargrisen, nöff said.
      @oemplojerad ha
      I just hope I found all the places.
      Friday, 02-Sep-2016 04:47:44 EDT permalink

Hacker Poesy is a GNU social hub. It runs version 1.1.3-beta3, available under the GNU Affero General Public License.

All Hacker Poesy content and data are available under the Creative Commons Attribution 3.0 license.