diblix's profile diblix's wall (single view)
View parent
oren's profile @oren Jul 20, 2022, 9:12 PM

You can run arbitrary javascript which is obviously not good

diblix's profile @diblix Jul 20, 2022, 10:14 PM

do you know how to prevent it?

oren's profile @oren Jul 21, 2022, 1:49 AM

Either use a regex so you can't use arbitrary characters in a username (best solution) or set element.innerText instead of element.innerHTML

diblix's profile @diblix Jul 21, 2022, 2:20 AM

well in beta 2.0 you can only use letters numbers and underscores so i think that solves it

oren's profile @oren Jul 21, 2022, 2:47 AM

Oh good

diblix's profile @diblix Jul 21, 2022, 2:51 AM

if i were you i would advertise my diblix profile for some easy subs on wasteof

View all comments