Ethan@programming.devtoProgramming.dev Meta@programming.dev•Looks like our instance got another shout-out on Hacker NewsEnglish
1·
1 year agoI’ll still use Reddit for cat pictures and stuff like that but this feels more like a community to me than Reddit ever did.
100%. Always act as though user provided content is malicious.
Uh… what? JavaScript is a client-side language (unless you’re using NodeJS, which Lemmy is not). Which means JavaScript runs in the browser. And that JavaScript has access to cookies, that’s just a basic part of how web browsers work. Lemmy can’t do anything to prevent that.
Again, Lemmy can’t do anything about that. Once there’s a vulnerability that allows an attacker to inject arbitrary JS into the site, Lemmy can’t do anything to prevent that JS from making requests.
On the backend you’d still have a single system which kind of defeats the purpose. Unless you’re proposing a completely independent backend? Because that would be a massive PITA to build and would drastically increase the system’s complexity and reduce maintainability.