Sometimes the top level comments are boring takes not worth replying to. Like this comment. Whatcha going to do? Argue that no, there’s always some comment worth replying to? Agree with me? Boring.
Sometimes it’s better to reply in comments to address specific questions, other times better to post an ETA. Sometimes, I just wanted to provoke discussion, or I’m about to do something that’ll leave me away for a couple of hours.
I was in line to buy tickets to a concert. The tickets didn’t cost much, but I was poor, so as I was in line I was wavering back and forth between the cheapest tickets and the second cheapest. When I got to the front I was on the side of the cheapest.
Another person who bought the cheapest was an incredibly cute girl who I met there and ended up dating for several months, and that relationship, after it ended, gave me the confidence to make a move on another girl who I had long been attracted to, and our relationship made me choose the particular job that I chose because it let me move near where she lived.
So if I had been a couple of spaces further back in line, I probably wouldn’t have lived in that state for two years. True story.
Definitely my favourite one so far! Though I will still be experimenting with newer ones when they come out.
A couple features I’d like to see implemented:
Setting a base instance/account and having links open through that instance. I understand this will put increased pressure on the base instance but from a user perspective this is a massive qol update.
Finding a way to upload videos or converting small videos to gifs before uploading without having to go into a third party source or implementing third party connectivity for this purpose. This is probably out of scope for what the app is trying to achieve, but would be a great addition for content creation on Lemmy in general.
Hey, I can tell you want it does. While I don’t know if they try to download something too (while it really doesn’t look like it), they are trying to steal your browser cookies.
I haven’t removed the obfuscation yet as I am literally in bed but I can tell the general idea of the code.
Onload is a html attribute. Html attribute tell your browser more about what the browser should be doing. So basically onload is an instruction to your browser. By posting those comments, they try to run something called cross site scripting. Basically they want to run their code in your browser without them being the website owner. So now we know the intend of the post, let’s look into the details.
Onload is an attribute that tells the browser to do something once it is fully loaded.
Fetch is a function that allows your browser to request additional information from the server. Endless scrolling would be done with that.
String.fromcharcode is just there to hide a little bit. Think of it as a fancy way to say a word. they are saying a website to connect to there.
Then document.cookie are your cookies for that website.
The next thing is probably your username or something.
So what does that mean? They try to make your browser execute their code when the website is onloaded. The code sends your cookies and your username(?) To a server. They probably save the username and cookie and try to steal the account later.
You seeing the code is good evidence that your browser hasn’t execute the code as the browser didn’t understand it as code to be executed but code to display. So you are probably safe and don’t need to worry
Edit: ups sorry for not answering the question. I don’t know which client they are targeting. They might or might not be targeting wefwef. But they target you, the user, too. And it is probably for Webbrowser users, so chances are wefwef or other web clients.
Edit edit: some people pointed out that it is not the username but basically the admin status of the account.
Especially the last one might cause the most work, because the “modern web development environment” simply cannot provide this. Also: form-action ‘none’; should be validated. It should be set to self if forms are actually used to send data to the server and not handled by Javascript.
asklemmy
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.