@foone
Practically, they might be using the one Python JSON library that does this by default for whatever reason (ujson, I think)
1
Discussion
Loading...
@foone
Practically, they might be using the one Python JSON library that does this by default for whatever reason (ujson, I think)
1
@redsakana I think the backend for this is PHP, annoyingly enough
@foone fwiw Perl's quotemeta function would escape / but it would also escape .
@foone My guess would be because in a flagrant layering violation some process in their tooling looks for URLs and does something undesirable with them. They found a "solution".
@foone Multiple layers of decoding and at least one of them doesn't do its own input sanitization?
@foone if you have JSON in a script tag you need to escape it
this is somewhat analogous to saying if you are going to wear pants on your head you need to take your keys and phone out of your pockets, but hey
1
@gloriouscow oh, maybe.
dumb but maybe
1
@gloriouscow the site I'm subtweeting that does this is tumblr, who are known to have a little bit of a pants-on-head approach to software development, so it wouldn't surprise me
1
ah yes tumblr
the site that makes me think "this site has people just like me on it and that is exactly why i will never go there"
1
@gloriouscow aww, don't you want to be around people just like you?
is this a self-hatred thing?
1
sorry i keep telling myself to knock it off with the self-deprecating humor; but it slips out now and then
1
1+ more replies (not shown)
@foone To stop them turning up as clickable when viewed, maybe?
is this because /foo/ is a regex string in JS?
but they're inside quotes!
is this because /foo/ is a regex string in JS?
but they're inside quotes!
1
@foone something something regex / something something being handled at the wrong layer was my first guess