oh no it has a silly idea
-
aaaaahhh of course
while backdating is a feature, it can't send posts into the future (say, making a post at
2038-01-19T03:14:07Z) with the same thing
-
and of course it couldn't stop there, so it tested GoToSocial's sanitiser for a bit :3
and turns out that it does filter out
onloadtags/events from elements. -
and of course it couldn't stop there, so it tested GoToSocial's sanitiser for a bit :3
and turns out that it does filter out
onloadtags/events from elements.it also filters out links (
<a>elements) that are going tojavascript:, interestingly enough. -
it also filters out links (
<a>elements) that are going tojavascript:, interestingly enough.@awoo if you do find something dreadful please let us know before posting about it... unless it's dreadful but harmless in which case have fun!
-
it also filters out links (
<a>elements) that are going tojavascript:, interestingly enough.@awoo this is going to result in another Mastodon post from 10000BC breaking everything, isn't it? :3
-
@awoo if you do find something dreadful please let us know before posting about it... unless it's dreadful but harmless in which case have fun!
@dumpsterqueer I will ^^
-
@awoo this is going to result in another Mastodon post from 10000BC breaking everything, isn't it? :3
@that it very much could result in such a post
​ -
@that it very much could result in such a post
​@that though GoToSocial won't accept anything before a second after the Unix epoch started (so,
1970-01-01T00:00:01Z) -
it also filters out links (
<a>elements) that are going tojavascript:, interestingly enough.even completely HTML entity-ified strings like
<a href="javascript:alert(1)">hmmmmm :3</a>get thrown outnow it's actually curious how GoToSocial's (or slurp's, if it has one) sanitiser works
-
even completely HTML entity-ified strings like
<a href="javascript:alert(1)">hmmmmm :3</a>get thrown outnow it's actually curious how GoToSocial's (or slurp's, if it has one) sanitiser works
time to make a post on another account to request yet another archive with a link to something!
(having alts to try and find loopholes is really useful ngl)
