Strip ID: 1659 Created: 2023-05-22 19:07:21 Last reply: 2024-02-29 02:02:02 Comments: 11



Injecting HTML




Camel
#1
2023-05-22 19:07:21
You can inject HTML into some text inputs, like the titles of forum posts and strip titles. IDK if this is intentional but it can cause some parts of the site to bug out. Idk how serious of an issue this is, but it could be fun to keep.

Camel
#2
2023-05-22 19:08:07
I've been messing around with putting HTML in different parts of the site and it seems like you can't do it in forum comments. The tags get deleted after you press post or update.

Peyo
#3
2023-05-22 20:14:46
yes, titles are allowed (and intentional!.. err.. I mean became intentional after `sam sai pef and friends` found out about it)

(Symmetrical)
#4
2023-12-21 06:07:26
Seems like a weird idea, but I worry the injection might end up being utilized by bad actors to inject malicious code through titles and descriptions, effectively making them full-on security risks, completely beyond the strip creator's control at worst. I've heard about "cross-site scripting" and "remote code execution" which are things used by bad actors to run malicious code on websites that don't properly treat HTML code as plain text. While there are some genuine or fair uses for them, they can easily be abused by people who just want to make others' lives more miserable...you should search and see how it could *potentially* be used by bad actors to run malicious code just from the strip's title or the description of one of the panels. I feel like it would be best to disable it for certain strips/panels; either those created after a specific date or those that haven't been manually approved. In the latter case, the code should be checked to ensure that no malicious things can happen. If the code is safe to run (like simple text effects and animations) then it will be a lot more likely to be approved. Otherwise, code that clearly has malintent behind it (like redirects to sketchy websites, even if it's only done on a random chance) should not be approved, and thus not be executed. I think this idea will help the website to be more secure and only run code in titles/panels that were specifically approved and confirmed for sure to be safe to run.

Peyo
#5
2023-12-21 07:40:48
I understand your concern and we already addressed it 👍 (or I should say: it's not normal to inject html and you should tell me about it if you found a part of a site where you can 🤔) but because Sam had so much fun with it and he is trustworthy he is allowed to inject them in the titles still (with a few others, it's now an extra special privilege; and by allowed I mean it's enforced by the site's code who can or cannot - so if someone possibly nefarious comes in and tries it you will only see the text and it won't be evaluated in code)
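The rule described in post #5 (escape every title by default, pass raw HTML through only for an allowlisted author), sketched as an added example that is not the site's own code. All names (`trustedTitleAuthors`, `renderTitle`, `renderStripPage`, `renderPreview`) and the sample strips are assumptions made up for illustration.

```javascript
// Added example; every name here is hypothetical, not the site's real code.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the five characters that can change HTML text or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed allowlist of accounts permitted to put raw HTML in titles.
const trustedTitleAuthors = new Set(["sam"]);

// One function for every place a title is shown. The title is stored as
// typed and the decision is made at output time against the author's
// current privilege, so revoking the privilege also neutralises titles
// that account saved earlier.
function renderTitle(strip, trusted = trustedTitleAuthors) {
  return trusted.has(strip.authorId) ? strip.title : escapeHtml(strip.title);
}

// The posted page and the preview share renderTitle, so one view cannot
// end up evaluating markup that the other one escapes.
function renderStripPage(strip, trusted) {
  return `<h1>${renderTitle(strip, trusted)}</h1>`;
}

function renderPreview(draftTitle, sessionUserId, trusted) {
  // The author comes from the logged-in session, never from the form body.
  const draft = { title: draftTitle, authorId: sessionUserId };
  return `<h1 class="preview">${renderTitle(draft, trusted)}</h1>`;
}

// Constructed sample data.
const samStrip = { title: "<marquee>hi</marquee>", authorId: "sam" };
const guestStrip = { title: "<marquee>hi</marquee>", authorId: "guest" };

console.log(renderStripPage(samStrip));            // markup kept
console.log(renderStripPage(guestStrip));          // shown as text
console.log(renderStripPage(samStrip, new Set())); // privilege revoked
console.log(renderPreview("<i>x</i>", "guest"));   // preview escapes too
```
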

TeeEffDee
#6
2023-12-21 13:09:15
`Symmetrical` My concern with it (heavy, ongoing) was addressed by having it disabled on my account. It's a time bomb for sure!

Aluminimalism
#7
2023-12-21 14:20:12
Hopefully Sam has good account security!

muln
#8
2024-02-28 18:39:24
a a a a holing crap this is just like cohost oh it only shows up in preview

Peyo
#9
2024-02-28 20:08:13
still it's nice that you tried it out 👍 injection is such an easy mistake it can show up anytime anywhere 🤔

muln
#10
2024-02-28 20:28:11
also shoutouts to cohost it's like twitter/tumblr but with (almost) full inline css in posts and no metrics also probably the only posttwitter I've seen where everyone's not pissed 24/7

Peyo
#11
2024-02-29 02:02:02
no one? then what's the point? 🤭
