oh no it has a silly idea
-
oh no it has a silly idea
-
oh no it has a silly idea
on that note: what the fuck is this mess of json-ld that mastodon throws at it
-
on that note: what the fuck is this mess of json-ld that mastodon throws at it
@awoo that is json-ld. ask anyone who has even thought about fedi dev before and they will tell one that it is the worst invention of mankind
-
@awoo that is json-ld. ask anyone who has even thought about fedi dev before and they will tell one that it is the worst invention of mankind
@49016 oh yeah it definitely has to agree with that
-
on that note: what the fuck is this mess of json-ld that mastodon throws at it
proof-of-concept: works :neobot_thumbsup:β
-
proof-of-concept: works :neobot_thumbsup:β
ooookay the oldest post cannot be
1970-01-01T00:00:00Z(got aerr="[POST /api/v1/statuses][406] statusCreateNotAcceptable"in response) but1970-01-01T00:00:05Zis fine, huh -
ooookay the oldest post cannot be
1970-01-01T00:00:00Z(got aerr="[POST /api/v1/statuses][406] statusCreateNotAcceptable"in response) but1970-01-01T00:00:05Zis fine, huhokay even
1970-01-01T00:00:01Zis fine, good to know :neobot_thumbsup:β -
okay even
1970-01-01T00:00:01Zis fine, good to know :neobot_thumbsup:βaaaaahhh of course
while backdating is a feature, it can't send posts into the future (say, making a post at
2038-01-19T03:14:07Z) with the same thing
-
aaaaahhh of course
while backdating is a feature, it can't send posts into the future (say, making a post at
2038-01-19T03:14:07Z) with the same thing@awoo is 2037 possible?
-
@awoo is 2037 possible?
@f2k1de anything in the future is not possible
-
aaaaahhh of course
while backdating is a feature, it can't send posts into the future (say, making a post at
2038-01-19T03:14:07Z) with the same thing -
and of course it couldn't stop there, so it tested GoToSocial's sanitiser for a bit :3
and turns out that it does filter out
onloadtags/events from elements. -
and of course it couldn't stop there, so it tested GoToSocial's sanitiser for a bit :3
and turns out that it does filter out
onloadtags/events from elements.it also filters out links (
<a>elements) that are going tojavascript:, interestingly enough. -
it also filters out links (
<a>elements) that are going tojavascript:, interestingly enough.@awoo if you do find something dreadful please let us know before posting about it... unless it's dreadful but harmless in which case have fun!
-
it also filters out links (
<a>elements) that are going tojavascript:, interestingly enough.@awoo this is going to result in another Mastodon post from 10000BC breaking everything, isn't it? :3
-
@awoo if you do find something dreadful please let us know before posting about it... unless it's dreadful but harmless in which case have fun!
@dumpsterqueer I will ^^
-
@awoo this is going to result in another Mastodon post from 10000BC breaking everything, isn't it? :3
@that it very much could result in such a post
β -
@that it very much could result in such a post
β@that though GoToSocial won't accept anything before a second after the Unix epoch started (so,
1970-01-01T00:00:01Z) -
it also filters out links (
<a>elements) that are going tojavascript:, interestingly enough.even completely HTML entity-ified strings like
<a href="javascript:alert(1)">hmmmmm :3</a>get thrown outnow it's actually curious how GoToSocial's (or slurp's, if it has one) sanitiser works
-
even completely HTML entity-ified strings like
<a href="javascript:alert(1)">hmmmmm :3</a>get thrown outnow it's actually curious how GoToSocial's (or slurp's, if it has one) sanitiser works
time to make a post on another account to request yet another archive with a link to something!
(having alts to try and find loopholes is really useful ngl)
