I assume it has to do with code filtering out attempts to inject HTML / scripts into comments. Lemmy had a bunch of bugs that allowed hackers to inject Javascript so they turned on quite an aggressive filter.
They fucked it up completely in a way that raises questions of competence.
HTML has ways to display angle brackets specifically intended to never be interpreted as tags. “Entity names” will never be code. There’s not even a sensible way to do it deliberately, like %20 nonsense.
I assume it has to do with code filtering out attempts to inject HTML / scripts into comments. Lemmy had a bunch of bugs that allowed hackers to inject Javascript so they turned on quite an aggressive filter.
They fucked it up completely in a way that raises questions of competence.
HTML has ways to display angle brackets specifically intended to never be interpreted as tags. “Entity names” will never be code. There’s not even a sensible way to do it deliberately, like %20 nonsense.
Could have done it with proper encoding, don’t need to remove it lol o.O
deleted by creator
The point of encoding, the process of representing data in a different way, is to have the data set not be tainted. :)
Here, for example: https://www.w3schools.com/html/html_entities.asp