benjojo.co.uk

benjojo posted 28 Jan 2025 23:03 +0000

I feel like I am rapidly approaching the LD50 of supplier security/legal onboarding surveys this month

benjojo replied 28 Jan 2025 23:09 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/Hh6R87Y21b9hZNqVTt

Dear valued customer,

Here is how your supplier legal onboarding email found me

Regards

A photo of a rocket launcher with "Congratulations! Your Oracle Fusion Applications account has been successfully created." written on it, being pointed directly at a cat who looks very sad

gsuberland@chaos.soc.. replied 28 Jan 2025 23:20 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/f8q6t9L2Q5gggbJr42

@benjojo html entities in the alt text is an amusing touch

benjojo replied 28 Jan 2025 23:22 +0000
in reply to: https://chaos.social/users/gsuberland/statuses/113908544350969018

@gsuberland oh I think that is just a honk-ism that I've never figured out. One day I will idk

tef@mastodon.social replied 28 Jan 2025 23:35 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/cYNWqdW8Ccp1R2Jl2c

@benjojo i think it's double escaping the alt text, so " is turning into "#34;

benjojo replied 28 Jan 2025 23:48 +0000
in reply to: https://mastodon.social/users/tef/statuses/113908603524749678

@tef na, in activatedonks() it escapes the summary (aka alt text) for some reason, as far as I can go back in history honk has always done this, I _think_ this function eventually hits my WebUI, so I think if I remove this I might end up with some elaborate XSS, but i've not actually traced or tested this yet (but it's been at the back of my mind for ages)

cc: @tedu

tedu@honk.tedunangst.. replied 28 Jan 2025 23:56 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/92n1fS4bY2F1mvT1X5

@benjojo yeah, it's a mastodon bug. that field is defined to be html, but they treat it as text, and give it a whack to turn it into html (again).

benjojo replied 28 Jan 2025 23:59 +0000
in reply to: https://honk.tedunangst.com/u/tedu/h/FYQy7HVhXW9mCS4Ntm

@tedu big M wins again