• #dev 2018-10-13
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2018-10-13 UTC
# 22:26
AngeloGladding so aaronpk you have "If a receiver chooses to display data it picks up from source, it MUST ensure that the data is encoded and/or filtered to prevent [XSS] and [CSRF] attacks." https://www.w3.org/TR/webmention/#preventing-abuse-li-3 then in https://www.w3.org/TR/webmention/#limit-access-to-protected-resources you certainly mention the core of the problem but the crux of this "new era" in SSRF is in