this post was submitted on 06 Jul 2023
68 points (98.6% liked)
Meta
626 readers
1 users here now
Discussion about the aussie.zone instance itself
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
checks
It looks like kbin does check for and validate these. It hands back an "invalid URL" error if the mentioned javascript: schema in the bug report for lemmy is used.
EDIT: Though I didn't try submitting to a lemmy instance and seeing whether kbin validates links coming in from federated systems rather than locally-submitted.
EDIT2: Honestly, this should be checked in clients too to avoid a malicious server they connect to directly feeding them XSS URLs. Like, probably warrants bug reports for all clients.