114
why do & ampersands never display properly in titles? (sh.itjust.works)
submitted 1 year ago* (last edited 1 year ago) by bernieecclestoned@sh.itjust.works to c/asklemmy@lemmy.world
34 comments fedilink hide all child comments

but work in body text &

you are viewing a single comment's thread
view the rest of the comments
[-] TauZero@mander.xyz 35 points 1 year ago

There was some scare in lemmy development circles recently about script injection vulnerabilities. The various apps and frontend developers "solved" the problem by peppering untrusted user input with escape sequences all over the place. User submits post? Escape title! Receive new post from a federated instance? Escape title!

Obviously if you escape the title twice and display once, it will show up weird. The problem is that the various devs haven't agreed yet which parts of the messaging protocol are supposed to be already escaped and which are not. Ideally all user input should be stored and transmitted in raw form, and only escaped right before displaying. But due to various zealously-cautious devs we get this instead:

[-] Synthead@lemmy.world 11 points 1 year ago

There's a difference between cautious and incorrect. It's broken. If they're that concerned, where are the unit tests?

[-] TauZero@mander.xyz 5 points 1 year ago

They incorrectly broke it because they were overzealous.

[-] intensely_human@lemm.ee 4 points 1 year ago

Content showing up weird in federation sounds like a good use of integration tests to me

[-] archomrade@midwest.social 5 points 1 year ago

This was a really informative comment, thanks!

this post was submitted on 25 Oct 2023
114 points (97.5% liked)

Ask Lemmy

26916 readers
1950 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about US Politics. If you need to do this, try !politicaldiscussion@lemmy.world

Rules: (interactive)

1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.

Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija

Logo design credit goes to: tubbadu

founded 1 year ago
MODERATORS
candyman337@lemmy.world
Bluetreefrog@lemmy.world
TheSaneWriter@lemm.ee
TheSaneWriter@lemmy.thesanewriter.com
candyman337@sh.itjust.works
Asudox@lemmy.world
can@lemmy.ca
lemmy_bot@lemmy.world
beefbaby182@lemmy.world
asudox@discuss.tchncs.de