If a post body contains an unclosed HTML tag, it will be automatically closed it at the end of window.isoData and then all Javascript functionality disappears.

  • kakes@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    That’s a bit concerning, isn’t it? I would think the fact that HTML in the post body is being parsed at all hints at the possibility of an injection attack.

    • ThreenOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Yeah, very concerning!

      I think it is related to this change, so maybe the sanitize is causing the issue here.