this post was submitted on 22 Feb 2024
61 points (94.2% liked)
Jerboa
10300 readers
2 users here now
Jerboa is a native-android client for Lemmy, built using the native android framework, Jetpack Compose.
Warning: You can submit issues, but between Lemmy and lemmy-ui, I probably won't have too much time to work on them. Learn jetpack compose like I did if you want to help make this app better.
Built With
Features
- Open source, AGPL License.
Installation / Releases
Support / Donate
Jerboa is made by Lemmy's developers, and is free, open-source software, meaning no advertising, monetizing, or venture capital, ever. Your donations directly support full-time development of the project.
Crypto
- bitcoin:
1Hefs7miXS5ff5Ck5xvmjKjXf5242KzRtK
- ethereum:
0x400c96c96acbC6E7B3B43B1dc1BB446540a88A01
- monero:
41taVyY6e1xApqKyMVDRVxJ76sPkfZhALLTjRvVKpaAh2pBd4wv9RgYj1tSPrx8wc6iE1uWUfjtQdTmTy2FGMeChGVKPQuV
- cardano:
addr1q858t89l2ym6xmrugjs0af9cslfwvnvsh2xxp6x4dcez7pf5tushkp4wl7zxfhm2djp6gq60dk4cmc7seaza5p3slx0sakjutm
Contact
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That was a bug in a lemmy 0.18.X, where it introduced sanitation against XSS. After XSS attack had happened. Which was introduced with the custom smiley feature, which allowed arbitary js to be executed on every client.
Which then was removed in 0.19. When I had discussion with the Lemmy devs that this responsibility lays on the clients to properly santize this. (Display text as text, fault layed in Lemmy UI)