If a post body contains an unclosed HTML tag, it will be automatically closed it at the end of window.isoData and then all Javascript functionality disappears.

  • kakes@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    That’s a bit concerning, isn’t it? I would think the fact that HTML in the post body is being parsed at all hints at the possibility of an injection attack.