lemmy.world is a victim of an XSS attack right now and the hacker simply
injected a JavaScript redirection into the sidebar. It appears the Lemmy backend
does not escape HTML in the main sidebar. Not sure if this is also true for
community sidebars.
[https://sh.itjust.works/pictrs/image/707c0f16-3d5c-4888-b865-34228d968ee6.png]
That is one of the issues… if you tick the box to enable 2FA and hit save, you then need to hit F5/refresh for the ‘2FA Installation link’ to appear.
Actually making use of the 2FA installation link is also not intuitive… as I said I’ll try and post a sequence of screenshots tonight with a fresh test account to show the process.
That didn’t work, but I have solved it. I had to take the emoji out of my display name. No idea why that has any impact, but it did.
i’ll be damned if I’m removing my identity just to protect my account
I’ve been playing around and it’s only some emojis it has a problem with. Your bagels are safe.
deleted by creator
The 2FA system might just be prejudiced against birds. I tried putting it back in after it was set up and it won’t save my settings if the emoji is there. It’s very weird.
deleted by creator
It won’t let me put it anywhere in the field. A bagel or a smiley face are find, but I can’t do the bird, or a black cat. It might be something to do with the specific emoji - both the black bird and cat are a standard bird/cat paired with a black square which display as a single emoji on some systems.
At a guess your emoji is part of a a newer unicode table and something in the lemmy backend has an older version that doesn’t include it.
thank you, and the 2FA set up was actually the easiest i’ve ever set up on iOS. a little too easy …