cross-posted from: https://sh.itjust.works/post/923025

lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar.

It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars.

    • TruckBCMA
      1 year ago

      While I respect their decision, I believe that’s an over-reaction at this point and we will not be doing that, yet.