@joepie91 check if it's client side validated
@joepie91@social.pixie.town unhashed passwords <3
@joepie91 oh god, they're not sanitizing their inputs are they
@senhara I think this *is* their sanitization
@joepie91 this terrifies me
@senhara (And I suspect that that password is getting string-interpolated into some kind of API call or shell command that goes into another system which needs to create a local account for every system-wide account, or something)
@joepie91 couldn't you toss it into `base64` and let the other end of the API or something decode it to handle it safely????
@joepie91 gonna fucking cry
@senhara In theory you could (assuming you control the other end's implementation) but I do not get the impression that this thing was built by particularly security-conscious developers
@joepie91 I'm going to explode
@joepie91 ...does the check marks also only change in color and nothing else as well when the conditions are met?
cause that wouldn't be as accessible