I'm just wondering what is preventing mallard from being shared on Lemmy, K.Bin, etc. via images or other embeds? Is there some file vetting happening under the hood?

all 12 comments

sorted by: hot top controversial new old

[–] Blaze@discuss.tchncs.de 12 points 2 years ago

Welcome,

There were issues a while back, which were fixed in security patches.

[–] Carighan@lemmy.world 8 points 2 years ago

Yes, all your mallards should be thoroughly vetted.

[–] CorrodedCranium@leminal.space 8 points 2 years ago (1 children)

Wasn't work done not too long ago with emojis or something?

[–] ram@bookwormstory.social 2 points 2 years ago (1 children)

Custom emoji was one, and another one in July(?) was in sidebars not being sanitized

[–] CorrodedCranium@leminal.space 1 points 2 years ago (1 children)

What do you mean by sanitized?

[–] ram@bookwormstory.social 2 points 2 years ago (1 children)

Stripped of executable code. IIRC the issue in particular was that sidebars observed HTML and you could put an iframe with potentially malicious code into them.

[–] CorrodedCranium@leminal.space 2 points 2 years ago

Interesting. Once the development of Lemmy slows down a couple years from now it would be interesting to see a video detailing the hiccups around its growth

[–] Synthead@lemmy.world 7 points 2 years ago (1 children)

Hopefully you're not using an image reader that's shitty enough to have vulnerabilities like this 🤨

[–] KinNectar@kbin.run 1 points 2 years ago (2 children)

@Synthead Chrome?

[–] Synthead@lemmy.world 4 points 2 years ago

I wouldn't worry about Chrome having vulnerabilities in its image readers.

[–] llii@feddit.de 1 points 2 years ago

I would say that a zero-day for chrome would be far too valuable. Except you're the target of an entity that has a few millions to spare.