this post was submitted on 22 Feb 2024
61 points (94.2% liked)

Jerboa

10300 readers
2 users here now

Jerboa is a native-android client for Lemmy, built using the native android framework, Jetpack Compose.

Warning: You can submit issues, but between Lemmy and lemmy-ui, I probably won't have too much time to work on them. Learn jetpack compose like I did if you want to help make this app better.

Built With

Features

Installation / Releases

Support / Donate

Jerboa is made by Lemmy's developers, and is free, open-source software, meaning no advertising, monetizing, or venture capital, ever. Your donations directly support full-time development of the project.

Crypto

Contact

founded 2 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] testEmailVerified@lemmy.world 2 points 8 months ago

That was a bug in a lemmy 0.18.X, where it introduced sanitation against XSS. After XSS attack had happened. Which was introduced with the custom smiley feature, which allowed arbitary js to be executed on every client.

Which then was removed in 0.19. When I had discussion with the Lemmy devs that this responsibility lays on the clients to properly santize this. (Display text as text, fault layed in Lemmy UI)