this post was submitted on 27 Oct 2023
8 points (90.0% liked)

Lemmy Support

4650 readers
6 users here now

Support / questions about Lemmy.

Matrix Space: #lemmy-space

founded 5 years ago
MODERATORS
dessalines@lemmy.ml
8
[bug] Code blocks sabotaged when the code is HTML — data lost (links.hackliberty.org)
submitted 1 year ago* (last edited 1 year ago) by soloActivist@links.hackliberty.org to c/lemmy_support@lemmy.ml
5 comments fedilink hide all child comments
 

After submitting an HTML sample in this post, #Lemmy gutted the content silently and destructively without telling me. The original text is totally lost and not recoverable. I only noticed because more than half the code was discarded.

This is terrible. It’s perhaps understandable that raw HTML might have security issues if it appears as-is, so of course the angle brackets should be automatically encoded as literals by the submission processing modules. The status quo is obviously a #LemmyBug because authors are not even warned about the destruction and given a chance to preserve their work. It just gets trashed.

top 5 comments
sorted by: hot top controversial new old
[–] wmassingham@lemmy.world 3 points 1 year ago

https://github.com/LemmyNet/lemmy/issues/3774

[–] velox_vulnus@lemmy.ml 2 points 1 year ago (1 children)

Looks like Lemmy is sanitizing the HTML inside the code block for some reason. Even I've seen something similar happen to my post.

[–] soloActivist@links.hackliberty.org 2 points 1 year ago (1 children)

Indeed. And it’s a needlessly destructive form of sanitization. That is, sanitizing properly normally means replacing the special characters with an encoding to ensure literals render.

[–] peter@feddit.uk 3 points 1 year ago (1 children)

Ever since they had the xss problem they've basically nuked any html elements in any scenario

[–] bjoern_tantau@swg-empire.de 1 points 1 year ago

It's like watching php devs in the early 2000s.