Programmer Humor

32710 readers

406 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

[email protected]

835

Oops, wrong person. (lemmy.world)

submitted 1 year ago by YoorWeb to c/[email protected]

33 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 5 points 1 year ago (1 children)

Why would exporting a url break js? No one would be stupid enough to run JS from an input. This isn't like a sql query where you might think to put a string directly into a search query. You would have to actively add this exploit in.

[–] kromem 8 points 1 year ago

It's not executing the code.

Their message contains brackets. Which is what the template engine is using to determine variations.

So the unsanitized user message is being processed by the temple engine, probably kills it with invalid formatting, and the engine no longer applies the templating to the rest of the message leaving the variations in the text sent to the messaging app.