After submitting an HTML sample in this post, #Lemmy gutted the content silently and destructively without telling me. The original text is totally lost and not recoverable. I only noticed because more than half the code was discarded.

This is terrible. It’s perhaps understandable that raw HTML might have security issues if it appears as-is, so of course the angle brackets should be automatically encoded as literals by the submission processing modules. The status quo is obviously a #LemmyBug because authors are not even warned about the destruction and given a chance to preserve their work. It just gets trashed.

  • soloActivist@links.hackliberty.org (OP) · 1 year ago

    Indeed. And it’s a needlessly destructive form of sanitization. That is, sanitizing properly normally means replacing the special characters with an encoding to ensure literals render.

    • Big P · 1 year ago

      Ever since they had the XSS problem they’ve basically nuked any HTML elements in any scenario
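
The two sanitization strategies contrasted in this thread, as an added example that is not part of the thread and is not Lemmy's code: tag stripping versus encoding the special characters, plus a submission check that warns the author when the stored text no longer shows what they typed. The function names, the regex stripper and the sample post are assumptions made for illustration.

```python
import html
import re

# Constructed sample submission: prose plus an HTML snippet the author wants displayed.
SAMPLE = 'Try this:\n<form action="/search"><input name="q"></form>\nDone & dusted.'

TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(text: str) -> str:
    """Destructive approach: delete anything that looks like a tag."""
    return TAG_RE.sub("", text)


def encode_literals(text: str) -> str:
    """Non-destructive approach: encode &, <, > and quotes so they render as text."""
    return html.escape(text, quote=True)


def visible_text(stored: str) -> str:
    """Text a browser would display for tag-free stored markup (entities decoded)."""
    return html.unescape(stored)


def submit(text: str, sanitizer):
    """Sanitize a submission and warn the author if the visible result differs."""
    stored = sanitizer(text)
    warnings = []
    shown = visible_text(stored)
    if shown != text:
        lost = len(text) - len(shown)
        warnings.append(
            f"sanitizer changed your post ({lost} characters lost); keep a copy of the draft"
        )
    return stored, warnings


if __name__ == "__main__":
    for name, fn in (("strip", strip_tags), ("encode", encode_literals)):
        stored, warnings = submit(SAMPLE, fn)
        print(f"--- {name} ---\n{stored}\nwarnings: {warnings}")
```

Both outputs contain no live markup, but only the encoded form can be turned back into the author's original text.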