Attempting to create a post with a title of “0! = 1” causes lemmy to stall, with the create post button remaining as a little spinning circle and no error messages.

This is not ideal?

  • TootSweet@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    1
    ·
    edit-2
    1 year ago

    There is no such things as unsafe text or unsafe characters. Only incorrect and insecure encoding practices. There’s no valid security reason why something like 0 != 1 (or for that matter '); drop table posts; --) should not be allowed as a post title unless the developers are just too lazy or clueless to use parameterized SQL queries and correctly escape the title when including it in an HTML template.