Soft hyphen paste in editor is not correctly handled

Started by Kantis, December 30, 2023, 07:39:26 PM

Sesquipedalian

I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Arantor

You removed literally all of the inline JavaScript such that you could write a CSP that would block said attack?

Mind you, while I see the point you're trying to make, there is a question very firmly about user expectations vs security and that the fact this topic exists suggests there is a disparity.

It's fine here where you can explain "oh it's best practice" and that's a good enough explanation, but that's rarely a situation I can do out in the real world. I just get told to fix it, and so I have my ways of doing that.
Holder of controversial views, all of which my own.


Sesquipedalian

I mean that we remove any attempt to embed JavaScript in user input.

Arantor

*shrug* I haven't looked, if you're saying it's secure, I trust you. Your code base, not mine.

I'm just mindful that I have other considerations in choosing how I'd solve this, and still have it be secure.

