@stefan now that I think about it, with instances coming and going, this is a security issue. I can go buy a domain of a defunct instance and XSS all sites that ever embedded a post.
Posts
-
So an interesting change is coming to Mastodon embeds. -
So an interesting change is coming to Mastodon embeds.@stefan it seems presumptive to my old webdev mind to assume all places that allow embeds will allow external js.
Also, seriously, do you expect me to backdoor my own site??