jointakahe / takahe

An ActivityPub/Fediverse server
BSD 3-Clause "New" or "Revised" License

fix potential vulnerability when fetching remote json data #700

Open alphatownsman opened 4 months ago

alphatownsman commented 4 months ago

When fetching a remote actor or status, the content type must be one of:

I did not apply this check to:

because I don't think we have to, but I'm open to being convinced otherwise.

AstraLuma commented 1 month ago

I think this is partially redundant with #679