FYI: Lemmy.world and other instances were hacked. Beehaw.org took itself down to mitigate risks
object_Object @ object_Object @programming.dev Posts 0Comments 1Joined 2 yr. ago
If lemmy-ui is already using a JSX-based library (InfernoJS), why not use it? I can't believe they construct HTML manually like that without a hint of escaping or stripping. Sure, many markdown renderers tell you to just slap it in __html or dangerouslySetInnerHTML, but there are many that just parse the MD and let you render it with JSX!
I also can't believe there's no CSP that stopped this. Sure, it's a pain in the ass to configure with a nonce but this is literally the kind of thing it's made to block!