by generalizations
977 days ago
> Anything can be generated here. You could even host your own blog that uses my website as a renderer if you really wanted to. It supports markdown.

> Every post that I want to publicly claim authorship of lives at the root of this site. If you are reading a post that I have claimed it will look like this page. Posts of unknown authorship have a disclaimer at the top of the page.

https://joshcsimmons.com/post/H4sIAAAAAAAA%2F3xV227cRgx911cQ...

(His permalinks are horrible, lol)
Problem is, the posts can contain <script> elements. So it's easy to just write a little JavaScript that removes the disclaimer at the top. See this hastily-made, immature example of mine:
https://joshcsimmons.com/post/H4sIABO8LmUC/3VT0W7aQBB85yu2QV...
As it stands, this really isn't the most secure system. Something much more malicious could be injected into this!
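
Added example (not part of the thread and not the site's own code): one way a renderer could close the hole described in the comment above is to pass the HTML produced from the markdown through an allowlist sanitizer before it reaches the page, so a post cannot carry script that touches the disclaimer. The tag allowlist, the `sanitize_post` name and the sample post with its `disclaimer` element id are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist for rendered markdown; not taken from the site in the thread.
ALLOWED_TAGS = {"p", "br", "em", "strong", "code", "pre", "blockquote",
                "ul", "ol", "li", "h1", "h2", "h3", "a"}
VOID_TAGS = {"br"}
DROP_WITH_CONTENT = {"script", "style"}   # the text inside these is discarded too
SAFE_SCHEMES = {"http", "https", "mailto"}

def safe_href(value):
    """Return the link only if it has an explicitly allowed scheme, else None."""
    value = (value or "").strip()
    try:
        scheme = urlsplit(value).scheme.lower()
    except ValueError:
        return None
    return value if scheme in SAFE_SCHEMES else None

class PostSanitizer(HTMLParser):
    """Re-serialises allowlisted tags only; all other markup is dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0   # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            kept = ""   # every attribute (onerror, style, id, ...) is discarded
            href = safe_href(dict(attrs).get("href")) if tag == "a" else None
            if href:
                kept = f' href="{escape(href, quote=True)}" rel="nofollow noopener"'
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(escape(data, quote=False))

def sanitize_post(rendered_html):
    parser = PostSanitizer()
    parser.feed(rendered_html)
    parser.close()
    return "".join(parser.out)
```

Serving the post route with a Content-Security-Policy that disallows inline scripts is a complementary control, since it still applies if the sanitizer misses something.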