It looks like the ex-DDG employee got the details wrong, and read the slides backwards.

  • 30mag@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    1
    ·
    1 year ago

    The claim was that Google was taking a query for “kids clothing” and turning it into " kids clothing" to get more ad revenue from , but the slide shows the exact opposite: " kids clothing" is turned into “kids clothing”.

    Am I having a stroke?

        • Skull giver@popplesburger.hilciferous.nlOP
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          1 year ago

          I assume it has to do with code filtering out attempts to inject HTML / scripts into comments. Lemmy had a bunch of bugs that allowed hackers to inject Javascript so they turned on quite an aggressive filter.

          • mindbleach@sh.itjust.works
            link
            fedilink
            arrow-up
            4
            ·
            1 year ago

            They fucked it up completely in a way that raises questions of competence.

            HTML has ways to display angle brackets specifically intended to never be interpreted as tags. “Entity names” will never be code. There’s not even a sensible way to do it deliberately, like %20 nonsense.

          • 0xD@infosec.pub
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            1 year ago

            Could have done it with proper encoding, don’t need to remove it lol o.O

            • MotoAsh@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Allowing tainted data in to the dataset means every single client has to do every single spot of content rendering correctly or else be vulnerable to easy hacking. Keeping it out of the dataset means not all clients have to be perfect for Lemmy to be a secure place.