uhhh cohost.org allows arbitrary html/css in posts?!?!?!?

@f0x oh this website keeps getting better this is gonna be real good for accessibility

Follow

@pastelpunkbandit it's also a *massive* security vulnerability. Your post can easily overlap the entire page, overlapping/replacing UI elements etc. Like smh at least iframe your user content

@f0x oh,,, i was assuming it was gonna work with an iframe + clear indicator around that
guess not?!?!? that sounds rlly bad omg
do they at least stop you from putting js in there?

@pastelpunkbandit it's hard to tell what is/isn't possible without having an account, but it's not looking good..

Sign in to participate in the conversation
Pixietown

Small server part of the pixie.town infrastructure. Registration is closed.