• Max-P@lemmy.max-p.me
    link
    fedilink
    arrow-up
    19
    ·
    10 months ago

    Those instances are still on Lemmy 0.18 where the bug got introduced, not a Jerboa problem. Literally all the apps and frontends were affected.

  • sabreW4K3@lemmy.tf
    link
    fedilink
    English
    arrow-up
    11
    ·
    10 months ago

    I haven’t noticed that & I check quite a lot. I guess I need to take more time & check more. Anyway, this sounds like a bug. Maybe you should go & report it on Github & let me know when you get back.

  • Treczoks@lemm.ee
    link
    fedilink
    arrow-up
    5
    ·
    10 months ago

    Not only on Jerboa. Basically all titles are affected, and it is not only the ampersand which is an issue.

  • MV [Jerboa dev]@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    10 months ago

    That was a bug in a lemmy 0.18.X, where it introduced sanitation against XSS. After XSS attack had happened. Which was introduced with the custom smiley feature, which allowed arbitary js to be executed on every client.

    Which then was removed in 0.19. When I had discussion with the Lemmy devs that this responsibility lays on the clients to properly santize this. (Display text as text, fault layed in Lemmy UI)