vercte's profile @vercte

@jeffalo /chat may have a few xss vulnerabilities, but just HTML, no scripting (good job you are good at this)

May 9, 2022, 5:43 PM
1 0 4

comments

jeffalo's profile @jeffalo May 9, 2022, 5:57 PM

it’s intended :) it works the same as posts & comments, and is properly sanitized by dompurify

vercte's profile @vercte May 12, 2022, 1:03 AM

ahh ok (makes sense)

time to look at DOMpurify

vercte's profile @vercte May 12, 2022, 1:05 AM

just wondering, does it allow style or no?

jeffalo's profile @jeffalo May 12, 2022, 6:47 AM

no