• Hotzilla@sopuli.xyz
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    You can nicely have trampstamp with /body>

    Edit: is there xss risk here because html tag was not visible

    • Hotzilla@sopuli.xyz
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      <script>alert(“test”)</script>

      Edit: No popup for anyone, right?

      Edit2: script not visible in jerboa, I am scared.

      • henry@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        It’s just showing as normal text for me. Could be a jerboa bug but I very much doubt they’re allowing randomly injecting html tags lol.