Hacker News

Of course they shouldn't, that is the bug, I think? The authors thought they were displaying user-supplied HTML, not executing user-supplied code.

You can say secure chat clients should not display HTML messages, but that's a pretty different thing.



Yes, the only problem is that the text markup language happens to include by default a Turing-complete, network-enabled, live-interpreted programming language because 25 years ago someone wanted to write a funny message in the Netscape status bar.



