this post was submitted on 27 Oct 2023
8 points (90.0% liked)

Lemmy Support


After submitting an HTML sample in this post, #Lemmy gutted the content silently and destructively without telling me. The original text is totally lost and not recoverable. I only noticed because more than half the code was discarded.

This is terrible. It’s perhaps understandable that raw HTML might have security issues if it appears as-is, so of course the angle brackets should be automatically encoded as literals by the submission processing modules. The status quo is obviously a #LemmyBug because authors are not even warned about the destruction and given a chance to preserve their work. It just gets trashed.

top 5 comments
[–] wmassingham@lemmy.world 3 points 10 months ago
[–] velox_vulnus@lemmy.ml 2 points 10 months ago (1 children)

Looks like Lemmy is sanitizing the HTML inside the code block for some reason. Even I've seen something similar happen to my post.

[–] soloActivist@links.hackliberty.org 2 points 10 months ago (1 children)

Indeed. And it’s a needlessly destructive form of sanitization. That is, sanitizing properly normally means replacing the special characters with an encoding to ensure literals render.

[–] peter@feddit.uk 3 points 10 months ago (1 children)

Ever since they had the XSS problem they've basically nuked any HTML elements in any scenario.

[–] bjoern_tantau@swg-empire.de 1 points 10 months ago

It's like watching PHP devs in the early 2000s.
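
The difference the thread draws between stripping markup and encoding it, shown as an added Rust example. It is not Lemmy's code and not from any commenter, and the function names and sample string are constructed for illustration.

```rust
// Added illustration, not Lemmy's code. All names are hypothetical.
const SAMPLE: &str = r#"<p class="note">Tom & Jerry</p><script>alert(1)</script>"#; // constructed

/// Destructive: drop everything between '<' and '>'. The markup is gone for good.
fn strip_tags(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    let mut in_tag = false;
    for c in input.chars() {
        match c {
            '<' => in_tag = true,
            '>' if in_tag => in_tag = false,
            _ if !in_tag => out.push(c),
            _ => {}
        }
    }
    out
}

/// Non-destructive: encode the HTML-significant characters so they render as literals.
fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Inverse of escape_html, used to show that encoding loses nothing.
fn unescape_html(input: &str) -> String {
    let s = input.replace("&lt;", "<").replace("&gt;", ">");
    let s = s.replace("&quot;", "\"").replace("&#x27;", "'");
    s.replace("&amp;", "&") // last, so "&amp;lt;" decodes to "&lt;", not "<"
}

fn main() {
    println!("stripped: {}", strip_tags(SAMPLE));
    println!("escaped:  {}", escape_html(SAMPLE));
    // Encoding is reversible, so the author's text survives storage intact.
    assert_eq!(unescape_html(&escape_html(SAMPLE)), SAMPLE);
}
```

Both outputs are free of live markup, but only the escaped form can be decoded back to what the author submitted.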