• #dev 2020-01-25
2020-01-25 UTC
# 16:09
[dmitshur]
Have you considered the case of reducing the potential damage of forgetting to sanitize user-posted content on the page you use for signing in (via RelMeAuth)? If someone manages to inject a rel=me link, there’s a greater chance they can sign in via your domain unintentionally. Requiring bidirectional account linking helps reduce that risk, but so does moving/copying rel=me links from body to headers.