top | item 40398451

(no title)

auct | 1 year ago

What were the vulnerabilities in your 1600 lines imgur alternative?

discuss

ahubert|1 year ago

https://github.com/berthubert/trifecta/blob/main/README.md#k... has a list. The most painful one for me is that I did not know .svg files can contain javascript that gets executed in the site context if you can get someone to click on a link to your .svg file!

softsound|1 year ago

That's one of the reasons SVG is often a third party plug-in with WordPress it's because of all the security involved.

yread|1 year ago

CSP would help against that. But at that time alpine.js was incompatible with CSP...

Anyone tried using the new csp alpine.js build?

https://laravel-news.com/alpinejs-csp