Paul Frazee
Yeah that `requestService()` API suggestion makes sense to me. The offline-readiness argument makes sense but yeah, I'm not sure how to fit that into PSA at the moment. I'm inclined...
@dorkmo We definitely plan to make it possible (using the DHT/discovery-net) to create sockets between users on a site. Whether we can set up a DHT to act like a general-purpose...
> The challenge with using @ is that there are no handles in Fritter, so it would need to be more like the way Facebook completes than how Twitter does....
Awesome!
Looking good!
That's a fair point. In SSB we used Markdown to solve the issue. If we use HTML, we have sanitation issues though, right? CSPs help with that sort of thing...
Sanitation is much easier if you're not expecting html elements to be specified in the input though, right?
The simplest to implement and therefore safest approach is to create a container element and then set the content using `.textContent` ([more info](https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet#RULE_.236_-_Populate_the_DOM_using_safe_JavaScript_functions_or_properties)). By introducing HTML in the content we...
We're stacking in a lot of new complexity here. Not only is security more complex to handle, but you're putting data into a second internal format. The mention `` or...
@SaFrMo I think that's good. It also lets non-supporting clients know that a mention was attempted without putting too much junk in the text.