by michaelanckaert 1555 days ago
Perhaps the response should not return raw HTML:

    # curl https://simplekv.com/path/to/key2

    <html><body><h1>Well, this seems safe...</h1></body></html>


Thanks for your feedback! I see input sanitation as a double-edged sword: it could potentially prevent some misuse of the service (since it's 100% anonymous), but then ultimately you're the "owner" of your keys (though they're in reality public) and you should be able to write whatever you want in them.

I guess this argument could also be applied to Pastebin? Should it be returning raw HTML if asked to?

The "Content-Type" HTTP header is "text/html; charset=utf-8". You could make it "text/plain; charset=utf-8" to prevent HTML from being parsed.

That makes total sense, cheers!
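
Added example, not part of the thread and not simplekv.com's own code: a minimal Python key-value read endpoint that returns the stored bytes unmodified but labels them `text/plain; charset=utf-8`, as suggested above. The `X-Content-Type-Options: nosniff` header goes beyond what the thread proposes, and the store contents, handler name and helper names are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed sample store (hypothetical): key path -> value written by an anonymous user.
STORE = {
    "/path/to/key2": b"<html><body><h1>Well, this seems safe...</h1></body></html>",
}

def value_headers(body: bytes) -> dict:
    """Response headers that make an untrusted stored value render as inert text."""
    return {
        "Content-Type": "text/plain; charset=utf-8",  # instead of text/html
        "X-Content-Type-Options": "nosniff",          # browser must trust the declared type
        "Content-Length": str(len(body)),
    }

class KVHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = STORE.get(self.path)
        if body is None:
            self.send_error(404)
            return
        self.send_response(200)
        for name, value in value_headers(body).items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)  # value is returned byte-for-byte, not sanitised

    def log_message(self, *args):  # silence per-request logging
        pass

def fetch(path: str):
    """Serve STORE on an ephemeral loopback port, GET path, return (status, headers, body)."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), KVHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    conn = http.client.HTTPConnection("127.0.0.1", srv.server_address[1], timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders()), resp.read()
    finally:
        conn.close()
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    status, headers, body = fetch("/path/to/key2")
    print(status, headers["Content-Type"], body)
```

The key owner still gets back exactly what was written; only the browser's interpretation of it changes.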