lemmyshitpost

WoodenBleachers , in Hey I'm trying to abbreviate here

Not sure why the devs have so much trouble with parsing this. I’m not sure if it’s an API thing or a front-end issue

db2 ,

&amp;
dual_sport_dork ,

Something somewhere is running an htmlspecialchars() or equivalent on whatever you input, probably as an attempt at “sanitizing” the text entered in titles/posts/comments. You know, to keep me from just inserting a javascript tag with src=‘pwned.ru/fu.js’ into a comment and have it do something naughty to anyone who loads the page.

I’m certain these are being stored in the database as an &amp;, but they’re not being decoded back into an ampersand character upon display.

Agentseed ,

would it not be possible for whatever's decoding it to run arbitrary Javascript if done wrong? maybe that's why it doesn't exist yet?

dual_sport_dork ,

There are a lot of potential pitfalls any time you accept text input from a user, store it, and regurgitate it back to display on a user’s browser. The thing is, HTML (and all HTML-encapsulated scripting languages) are just text. So regular words and a block of Javascript that makes dancing polka-dotted hippos dance across your screen and incessantly play the Hamster Dance song at 200% volume are, without protections, input and stored exactly the same way. Preventing ne’er-do-wells from doing injection attacks with SQL calls, HTML, control and escape characters, Javascript, etc. is part of a whole industry.

It appears lemmy does filter out raw HTML tags, at least. I tried to insert one in my last comment just for illustration and it was silently removed from the input.

Toes ,

I can’t use <3 in a post title without it getting mangled.

0xD ,

That’s because the sanitization here is shit, but I bet you’d rather have that than be attacked by stored cross-site scripting attacks :)

dual_sport_dork ,

The decode really, really, really should not be happening client side in Javascript. The backend should handle it before handing the text to the user’s browser. You are correct; if this is done client side it means a bad actor can mess with it and/or include an injection attack of some sort.

Nothing client side should ever handle user input, except perhaps convenience features like flagging incomplete fields or kicking the cursor to the next input element when one is full (e.g. for phone numbers). Anything client side can be fucked with by the client. Validation needs to happen on the server side, before committing the input to the database (or doing whatever it’s going to do with it).

WoodenBleachers ,

I know, just sanitize it again. .Replace(“&”, &), Regex.Remove(amp;), if(.Contains(“amp;”))

ChaoticNeutralCzech ,

The same with < and &lt; please

Black616Angel ,

No. This is just escaped html. So you can just unescape it like every other html.

AnotherRyguy ,

Please be kidding lol

onion ,

There’s a git issue on this
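The double-encoding discussed in this thread, as an added example that is not part of any comment and is not Lemmy's or kbin's code: escaping at input and again at output makes `&` show up as `&amp;`, while storing the raw text and escaping once at output displays it correctly and still neutralises markup. All function names are hypothetical and the sample strings are constructed.

```javascript
// Constructed example; names are hypothetical, not taken from Lemmy or kbin.
const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const UNESC = Object.fromEntries(Object.entries(ESC).map(([ch, ent]) => [ent, ch]));

// Encode the five HTML-significant characters (roughly what htmlspecialchars() does).
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESC[ch]);
}

// Decode exactly one level of entities, modelling what a browser shows for text content.
function renderedText(markup) {
  return markup.replace(/&(amp|lt|gt|quot|#39);/g, (ent) => UNESC[ent]);
}

// Flawed pipeline: escape when storing, then the output layer escapes a second time.
function escapeOnInputPipeline(input) {
  const stored = escapeHtml(input);   // "&" sits in the database as "&amp;"
  const markup = escapeHtml(stored);  // template escapes again: "&amp;amp;"
  return { stored, markup, seen: renderedText(markup) };
}

// Corrected pipeline: store the text verbatim, escape once for the HTML context at output.
function escapeOnOutputPipeline(input) {
  const stored = input;
  const markup = escapeHtml(stored);
  return { stored, markup, seen: renderedText(markup) };
}

// True when the markup carries no raw tag delimiters, i.e. user text cannot open an element.
function hasNoRawTags(markup) {
  return !/[<>]/.test(markup);
}

// Stand-alone demonstration with a constructed post title.
const title = "Q&A <3";
console.log("escape on input :", escapeOnInputPipeline(title).seen);
console.log("escape on output:", escapeOnOutputPipeline(title).seen);
```

Decoding the stored entities back to raw text is only safe when the result is then written as text or re-escaped; placing the decoded string into HTML directly restores whatever tags the user typed.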

HawlSera , in Fantasy rednecks

Aye reckon

RIP_Cheems , in It'll feel like a jream

You’ve done it. You’ve finally done it. You’ve drove me over the edge. The blood is on your hands now.

Stamets OP ,

Brb gotta wash hands

RIP_Cheems ,

Don’t worry. There’s plenty more where that came from.

RIP_Cheems , in Ah yes. Hotted dogs

NOPE. FIRE IS NOT ENOUGH. IM GETTING A MORTAR.

LemmyFeed , in Ah yes. Hotted dogs

What an atrocity! Ketchup on hot dogs!?

steal_your_face , in mmmh, makes ya moist

Got any cornichons?

Infynis , in Fantasy rednecks

My last character was an orphan (of course), taken in by a dwarf clan, where he worked alongside them in the mines. So, naturally, he was Appalachian

PugJesus ,

You're doing God's work - an Appalachian

Infynis ,

As an Undying Warlock/Death Cleric, he was definitely doing someone’s work lol

WoodenBleachers , in Fantasy rednecks

Pretty sure because the “original” fantasy was written as a false history for England (LoTR was this). So it makes sense that the people would bear an English accent

saigot ,

I hope one day we can have a (respectful) mainstream fantasy world for Native America, It could be so cool.

Jilanico ,

Not exactly what you’re looking for, but most characters in A Wizard of Earthsea resemble Native Americans.

monsterlynn ,

@WoodenBleachers But his sources were Norse, primarily, so by extension the argument can be made that the characters should all have Scandinavian accents.

@FlyingSquid

WoodenBleachers ,

That’s cool. I wouldn’t mind fantasy characters having accents (it’s fantasy after all) just providing context for why it’s predominantly English

TigrisMorte ,

No, only folks that never read what Tolkien said about LotR think it is a fake History for England.

WoodenBleachers ,

I read the Silmarillion, he was sad about the fact that England had no real “mythology” so he made his own

someguy3 ,

Do the books have accents?

explodicle ,

I’ll admit I haven’t read them, but I imagine the original version was British English with all the extra U’s and such.

someguy3 ,

Could be Canadian.

mumblerfish , in Fantasy rednecks

I’m imagining everyone just speaking Erasmus English

Transform2942 , in mmmh, makes ya moist

So are we doing pickles now on Lemmy?

Zehzin , in Le origin story

ok what the heck is this thing I keep seeing it since like last week

aBundleOfFerrets ,

Protagonist in Amazing Digital Circus, a show that had its pilot released about a week and a half ago. (you can find it on youtube, if you were so inclined)

Zehzin ,

Alright thanks. Still didn’t get the joke though 💀

UsernameIsTooLon ,

Tbh it’s best that you don’t. It requires knowledge you’re better off living the rest of your life without knowing.

Zehzin ,

I would rather you tell me instead of looking for it and stumbling upon even more cursed knowledge

wabafee , in It'll feel like a jream

Anyone sleeping in this couch would technically be kissing someone’s ass. Assuming this were used jeans.

pno2nr , in Fantasy rednecks

They made at least one “southern fantasy” show, it was called Man in the High Castle based on work by American fantasy writer Philip K. Dick.

RampantParanoia2365 ,

…that would be science fiction. Dick was a sci-fi writer.

RedEyeFlightControl , in It'll feel like a jream

NGL I love the storage with the pockets.

Imgonnatrythis , in It'll feel like a jream

That thing would look even better with a Giant brown leather decorative strap running through those belt loops.
