Magazine dedicated to discussions about the kbin itself. Provide feedback, ask questions, suggest improvements, and engage in conversations related to the platform organization, policies, features, and community dynamics. ---- * Roadmap 2023 * m/kbinDevlog * m/kbinDesign
i had my profile all cute and customized and came back to see it a mess of html that wasn't being rendered anymore, even tho it previously was. anyone know why? will we no longer be able to use html in profiles anymore? โน
This is the commit/change that disabled it: turn on security options for commonmark
Being able to freely edit the html is fun, but it's also unsafe and can easily be abused. I assume it was disabled to prevent issues before they can occur.
Especially after the exploit that took down LemmyWorld and some other big instances just a few days ago. I'd rather lose some bells and whistles on my profile than leave possible attack vectors open.
Stuff like that is typically a huge security risk that allows for various kinds of injections.
Unfortunately, the security risk is a huge with HTML.