So an interesting change is coming to Mastodon embeds.
-
@andypiper @cybeardjm No problem!
-
@stefan it seems presumptive to my old webdev mind to assume all places that allow embeds will allow external js.
Also, seriously, do you expect me to backdoor my own site??
-
@stefan now that I think about it, with instances coming and going, this is a security issue. I can go buy a domain of a defunct instance and XSS all sites that ever embedded a post.
-
@qwazix Ah, yeah, that's a really good point!
Copyright © 2024 NodeBB | Contributors