Attempting to create a post with a title of “0! = 1” causes Lemmy to stall, with the create post button remaining as a little spinning circle and no error messages.

This is not ideal?

    • TootSweet@lemmy.world
      1 year ago

      There is no such thing as unsafe text or unsafe characters. Only incorrect and insecure encoding practices. There’s no valid security reason why something like 0 != 1 (or for that matter '); drop table posts; --) should not be allowed as a post title unless the developers are just too lazy or clueless to use parameterized SQL queries and correctly escape the title when including it in an HTML template.
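
The two practices named in the comment above, shown as an added example that is not part of the thread and is not Lemmy's code: the titles from this page are stored through a bound parameter and HTML-escaped on output, next to the string-concatenation anti-pattern for contrast. The in-memory SQLite database, the `posts` schema and all function names are assumptions made for illustration.

```python
import html
import sqlite3

# Constructed sample titles: the ones quoted in the thread plus one containing markup.
TITLES = ["0! = 1", "0 != 1", "'); drop table posts; --", "<b>1 & 2</b>"]


def open_db():
    """Hypothetical schema: an in-memory stand-in for a posts table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT NOT NULL)")
    return db


def create_post_unsafe(db, title):
    # Anti-pattern: the title becomes part of the SQL text, so a quote in it
    # ends the string literal and the rest is parsed as further statements.
    db.executescript("INSERT INTO posts (title) VALUES ('" + title + "');")


def create_post(db, title):
    # Parameterized: the SQL text is constant and the title is bound as data.
    return db.execute("INSERT INTO posts (title) VALUES (?)", (title,)).lastrowid


def stored_title(db, post_id):
    return db.execute("SELECT title FROM posts WHERE id = ?", (post_id,)).fetchone()[0]


def render_title(db, post_id):
    # Escape at the point of output, for the context it lands in (HTML text).
    return "<h1>" + html.escape(stored_title(db, post_id)) + "</h1>"


def posts_table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'posts'"
    ).fetchone()
    return row[0] == 1


if __name__ == "__main__":
    db = open_db()
    for t in TITLES:
        print(render_title(db, create_post(db, t)))
    print("table intact after parameterized inserts:", posts_table_exists(db))

    bad = open_db()
    create_post_unsafe(bad, TITLES[2])
    print("table intact after concatenated insert:", posts_table_exists(bad))
```
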