this post was submitted on 06 Jul 2023
submitted 1 year ago* (last edited 1 year ago) by lodion to c/meta
 

As reported to the lemmy devs here, there is no sanity checking of links in posts currently in lemmy. Please be careful in the links you click!

Further discussion and context from the reporter here.

[email protected] 4 points 1 year ago* (last edited 1 year ago)

checks

It looks like kbin does check for and validate these. It hands back an "invalid URL" error if the mentioned javascript: schema in the bug report for lemmy is used.

EDIT: Though I didn't try submitting to a lemmy instance and seeing whether kbin validates links coming in from federated systems rather than locally-submitted.

EDIT2: Honestly, this should be checked in clients too to avoid a malicious server they connect to directly feeding them XSS URLs. Like, probably warrants bug reports for all clients.
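
The kind of check discussed in this thread, as an added example that is not part of the original comments and not code from lemmy, kbin or any client: a scheme allowlist applied to a post's link, usable both on submission and on content received from a federated server or rendered in a client. The function names, the `url` field on the post object and the http/https-only policy are assumptions; the sample inputs are constructed.

```javascript
// Assumed policy: only these schemes may appear in a post link.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Validate one link. Parsing with the WHATWG URL parser matters: it applies
// the same normalisation a browser does (trims leading/trailing spaces and
// control characters, strips embedded tab/CR/LF, lowercases the scheme), so
// "JaVaScRiPt:" and "java\tscript:" are seen for what they are.
function checkLink(raw) {
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, reason: "empty" };
  }
  let url;
  try {
    url = new URL(raw); // no base: relative or malformed input is rejected
  } catch {
    return { ok: false, reason: "invalid URL" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  // Hand back the normalised form so callers render what was validated.
  return { ok: true, href: url.href };
}

// Apply the same check to a post regardless of origin (local form, federated
// inbox, or API response in a client). A rejected link is dropped, not fixed.
function sanitizePost(post) {
  const result = checkLink(post.url);
  return { ...post, url: result.ok ? result.href : null, linkCheck: result };
}

// Constructed sample inputs.
const SAMPLES = [
  "https://example.org/post/1",
  "javascript:void(0)",
  "JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "  javascript:void(0)",
  "data:text/html,hi",
  "/relative/path",
];

function runSamples() {
  return SAMPLES.map((s) => ({ input: s, ...checkLink(s) }));
}

console.log(runSamples());
```

Comparing the raw string against a blocklist such as `startsWith("javascript:")` would miss the mixed-case, tab and leading-space variants in the samples, which is why the check runs on the parsed scheme.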