Soft hyphen paste in editor is not correctly handled

Started by Kantis, December 30, 2023, 07:39:26 PM

Sesquipedalian

I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Arantor

You removed literally all of the inline JavaScript such that you could write a CSP that would block said attack?

Mind you, while I see the point you're trying to make, there is a question very firmly about user expectations vs security, and the fact this topic exists suggests there is a disparity.

It's fine here where you can explain "oh it's best practice" and that's a good enough explanation, but that's rarely a situation I can do out in the real world. I just get told to fix it, and so I have my ways of doing that.

Sesquipedalian

I mean that we remove any attempt to embed JavaScript in user input.

Arantor

*shrug* I haven't looked, if you're saying it's secure, I trust you. Your code base, not mine.

I'm just mindful that I have other considerations in choosing how I'd solve this, and still have it be secure.
