the hacker could use a cookie stealer injected by the xss to steal the admin account.
do you know if Liftoff supports redgif etc.? it's always annoying in Jerboa when you have to open such links manually instead of seeing it in the app self.
oh, okay. didn't knew that. i expected that it saves the login information locally (encrypted) and then uses this to login.. and if there is an error, that it just says "login error" or something.. with the option to retry.
it's weird that it looks like the whole login data just gets wiped. confused me a lot since it also said Anonymous as my user etc.. really thought first my account got hacked after all that issues.
i just got logged out of my account from Jerboa and can't login anymore. my is completely wiped from my app now.
edit: okay seems the admins have taken down lemmy.world and thats probably why it happend in the app. but its weird that it just wipes the login and data of the instance in the app.. weird.
i did switch from reddit to lemmy.world because i expected it to be a safe alternative that would atleast pay a lot of attention to security. so yes, the trust in security is broken a lot with this. especially since it happend so soon after so many people joined. i already think about maybe making my own instance to keep my account safe in the future.
if i dislike something, I don't always want to have to explain myself. sometimes i just dislike something and want to show it by a simple click. specially on mobile I don't want to write a comment each time. otherwise i would just stop voting completely instead of writing a comment each time i downvote something.