vercte @vercte

@jeffalo /chat may have a few xss vulnerabilities, but just HTML, no scripting (good job you are good at this)

May 9, 2022, 5:43 PM
4

comments

jeffalo @jeffalo May 9, 2022, 5:57 PM

it’s intended :) it works the same as posts & comments, and is properly sanitized by dompurify
vercte @vercte May 12, 2022, 1:03 AM

ahh ok (makes sense)

time to look at DOMpurify
vercte @vercte May 12, 2022, 1:05 AM

just wondering, does it allow style or no?
jeffalo @jeffalo May 12, 2022, 6:47 AM

no