It looks like the ex-DDG employee got the details wrong, and read the slides backwards.

    • Skull giver@popplesburger.hilciferous.nlOP
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      1 year ago

      I assume it has to do with code filtering out attempts to inject HTML / scripts into comments. Lemmy had a bunch of bugs that allowed hackers to inject Javascript so they turned on quite an aggressive filter.

      • mindbleach@sh.itjust.works
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        They fucked it up completely in a way that raises questions of competence.

        HTML has ways to display angle brackets specifically intended to never be interpreted as tags. “Entity names” will never be code. There’s not even a sensible way to do it deliberately, like %20 nonsense.

      • 0xD@infosec.pub
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Could have done it with proper encoding, don’t need to remove it lol o.O