#dev 2023-10-14

2023-10-14 UTC
# 00:08 
[tantek] aaronpk is that the latest cassis.php? (Top of tree)
# 00:10 
aaronpk no, it is at this commit https://github.com/tantek/cassis/tree/09ac2b30845b7d66583615f508a45185820324c8
# 00:37 
[tantek] Hmm
# 00:37 
[tantek] Well since that file is one line per function the error message isn't super helpful
# 00:39 
aaronpk oh yeah huh
# 00:48 
Renfield gRegor: I'm using indieAuth for sign in.
# 00:49 
Renfield Oh, gone.
# 00:49 
aaronpk even better
gRegor joined the channel
# 01:01 
gRegor Oh, if you have an IndieAuth server on your site then yeah you don't need the rel-me for sign-in
# 01:02 
Renfield I was just following indiewebify.me. I guess it prefers rel=me over indieAuth. Anyway I've got a rel=me for h-card and so step two thinks that's good enough.
# 01:04 
gRegor So there's some naming confusion between IndieAuth the protocol and IndieAuth the service.
# 01:05 
gRegor If you're trying to use your domain to sign in, try it on indieweb.org and see what it shows you for options.
# 01:05 
Renfield I'm using the protocol. I'm using the selfauth PHP script.
# 01:05 
gRegor Cool
# 01:49 
[catgirlinspace] what do i do with webmentions that i receive for paths that aren’t a post/note?
# 01:52 
sknebel ones for your frontpage are kind of interesting as "someone mentioned you", other than that you decide whats a valid target to receive and store mentions for
# 01:53 
sknebel e.g. if you plan to show them as comments on posts, maybe you dont want to publicly show them for the homepage or other pages
# 01:54 
[catgirlinspace] ah, so could have like a page only visible to me for webmentions for my front page?
# 01:54 
sknebel for example
# 04:22 
GWG Should Ticket Auth be called Ticket Auth? Maybe the name is an issue?
jbove joined the channel
# 05:52 
GWG Added some things to the Ticket auth Page in the Intro section.
[jeremycherfas] joined the channel
# 06:28 
[KevinMarks] Calling anything Auth is confusing. Is it an it-me or can-I-hae?
gerben joined the channel
# 06:36 
c​apjamesg Yeah.
# 06:36 
c​apjamesg That may be where some of my confusion has come when trying to understand Ticket Auth.
[tantek]1, [pfefferle]1 and gerben joined the channel
# 07:47 
capjamesg TIL about the WinterCG https://wintercg.org/
[campegg], saptaks, wagle, IWDiscord, jbove, Renfield, [capjamesg], jonnybarnes, monoob0 and geoffo joined the channel
# 12:56 
GWG capjamesg: Did the updated intro help?
# 13:08 
t​haidaree to pick your brain a bit... my use case is this:
# 13:08 
t​haidaree I'm using Django to generate a static bundle of pages and serve it as files. this way the back-end doesn't exist and it's local only.
# 13:08 
t​haidaree However, the JS part is very limited here. I'm thinking that I could go with some sort of page where there are a number of static HTML files and a number of "some other files" (not sure yet).
# 13:08 
t​haidaree Then the user comes and requests a page, gets the full bundle, and when they request a different page (different article on the blog) to render in browser that other bit using "some other file", but the url history is pushed. Not a hash based.
# 13:08 
t​haidaree Thoughts how to achieve it?
# 13:12 
t​haidaree basically it's some hydration part that would have to happen, but I don't want to have a back-end to reduce the attack surface
gerben, eitilt, [aciccarello], AramZS, [jacky], [tantek]2, [jeremycherfas]1 and [pfefferle]2 joined the channel
# 17:41 
aaronpk [tantek]: https://github.com/tantek/cassis/issues/42
# 17:42 
Loqi [preview] [aaronpk] #42 junk output with `auto_link`
# 17:48 
aaronpk and finally found the issue that triggered the indienews bug
# 17:48 
aaronpk https://github.com/tantek/cassis/issues/43
# 17:49 
GWG aaronpk++
# 17:49 
Loqi aaronpk has 42 karma in this channel over the last year (112 in all channels)
# 17:49 
Loqi [preview] [aaronpk] #43 Error with `auto_link` with simple @-username mention
# 17:55 
GWG Still staring at ticket auth
[schmarty] and [catgirlinspace] joined the channel
# 18:29 
[catgirlinspace] [snarfed] sorry if i asked this before (i don't think i have, but honestly don't remember for sure) but does granary do any kind of html sanitizing on mf2-json outputs?
# 18:56 
[catgirlinspace] oh and another question--when i include a link to webmention bridgy fed am i supposed to just, leave the inner text completely blank?
geoffo joined the channel
# 19:04 
GWG [catgirlinspace]: It is a signal, not something for users to click
[snarfed] joined the channel
# 19:52 
[snarfed] right
# 19:52 
[snarfed] [catgirlinspace] HTML is expected in e-* mf2 properties like content, right? what kind of sanitizing were you expecting?
# 20:05 
[tantek]2 aaronpk re: 42, note as you quoted: "wrap your PHP include of cassis.js and use of functions therein" that latter clause is key
# 20:06 
[tantek]2 calls to any cassis function also need to be wrapped with the ob_ wrappers
# 20:06 
[tantek]2 So that garbage out you're seeing is from calling the function, not it's output
# 20:23 
[tantek]2 thanks auto-correct for auto-misinserting that last apostrophe
# 20:39 
[tantek]2 aaronpk++ for that issue 43, that has enough information to both track down the bug and potential other instances of the bug
# 20:39 
Loqi aaronpk has 43 karma in this channel over the last year (113 in all channels)
# 20:56 
[tantek]2 maybe this is the weekend I update cassis for PHP8
# 21:00 
[tantek]2 this seems like a pretty big change in PHP 8 and I like it - out of range requests in string functions now return an empty string instead of false, e.g. https://www.php.net/manual/en/function.substr.php "If an invalid character range is requested, *substr()* returns an empty string as of PHP 8.0.0; previously, *`false`* was returned instead."
# 21:02 
superkuh is an empty string equal to false in logical contexts in PHP like it is in perl?
# 21:12 
[tantek]2 yes
gRegor joined the channel
# 21:53 
[catgirlinspace] [snarfed] was planning to use granary so that when i like, reply to a post from my website i can have a little embed of the post i'm replying to. but if the html in the mf2-json isn't sanitized then that kinda opens up xss on my own website lol,,,
# 21:58 
[tantek]2 what is embed of the post i'm replying to
# 21:59 
[tantek]2 gives Loqi a nudge
# 21:59 
Loqi grabs the nudge
geoffo joined the channel
# 21:59 
[tantek]2 what is reply context
# 21:59 
Loqi A reply context is the display of what a reply post is in reply to, including linking to that original post with in-reply-to markup, showing some amount of that original post like author name, icon, summary / ellipsed content, and datetime published https://indieweb.org/reply-context
# 21:59 
[tantek]2 ^ [catgirlinspace] lots more in there
# 21:59 
[snarfed] yeah granary is just a format converter
# 22:00 
[snarfed] and if you're converting HTML to mf2 JSON, that's just parsing mf2, you probably want to do that directly
# 22:06 
[tantek]2 aaronpk, I believe I fixed that cassis issue 43 with this update: https://github.com/tantek/cassis/blob/master/cassis.js but I don't have "easy" access to a PHP8 environment to test it (new code still works in PHP 7.4, with the test case you used). can you verify with your PHP8 environment?
# 22:07 
[tantek]2 or if anyone else wants to try https://github.com/tantek/cassis/issues/43
# 22:07 
[tantek]2 with that latest top of tree cassis.js
# 22:07 
Loqi [preview] [aaronpk] #43 Error with `auto_link` with simple @-username mention
# 22:07 
[tantek]2 in a PHP8 environment
# 22:29 
gRegor I think it's working. PHP 8.0.28, text/plain output of the code in 43: https://staging.gregorlove.com/indieweb/debug.php
# 22:32 
gRegor And with moving ob_get_clean() after `auto_link`: https://staging.gregorlove.com/indieweb/debug2.php
# 23:25 
aaronpk fantastic
monoob5 and [tantek] joined the channel
# 23:51 
[tantek] 🎉
klez joined the channel