Posted Wednesday, October 30 at 7:11 PM (3 weeks ago)
So, both Publ and Authl had a pretty naïve issue with the identity verification step of the IndieAuth flow; it simply accepted whatever the authorization endpoint said the user’s identity was. This made it very simple to spoof one’s identity and log in as anyone on any Publ or Authl site.
Authl 0.3.1 fixes the problem with the IndieAuth login flow, and Publ 0.5.8 fixes the problem with the Bearer token flow.
Posted Friday, September 6 at 5:27 PM (2 months ago)
So hey, if you’ve been using webmention.js you should probably update it, as there turned out to be an XSS issue found by Checkmention. Better to be safe than sorry etc. etc.
Posted Thursday, September 20 at 10:58 PM (a year ago)
Did you know that CSS3 has a style called
shape-outline? It’s pretty neat, it makes it so that a floated object gets a shape based on the alpha channel of its specified image. But it’s kind of a pain to set up; in plain HTML it looks something like this:
<img src="/path/to/image.png" width="320" height="320"
and if you want a different shape mask for your image than its own alpha channel, you have to do a bunch of stuff like making sure that the image sizes are the same and whatever.
Posted Wednesday, April 18 at 4:00 PM (2 years ago)
There are 21 more cat pictures!