Nico nico WRYY

48 Members
Saki Miyanaga is a high school freshman who doesn't like mahjong.37 Servers

22 Sep 2021

@urandom:maunium.netuwubot changed the room topic to "Saki Miyanaga is a high school freshman who doesn't like mahjong." from "The nexus of niceness".20:30:45
@tulir:maunium.nettulir <script>alert("hi")</script> allowing matrix html in the room name is fine-ish, allowing <script> is not 20:31:06
@nephele:nheko.imnephele tulir <script>alert("hi")</script>: I don't know if matrix static sanitizes that tbh 20:31:44
@nephele:nheko.imnepheleit's cache is pretty slow .-.20:31:50
@nephele:nheko.imnephelewell, persisten20:31:56
23 Sep 2021

@nephele:nheko.imnephele tulir <script>alert("hi")</script>: Well, it didn't pop up an alert, but the script tag isn't visible on view.mau.dev 14:15:26
@tulir:maunium.nettulir <script>alert("hi")</script>
Uncaught ReferenceError: hi is not defined
@tulir:maunium.nettulir <script>alert("hi")</script> changed the room name to "Urandom <script>alert("hi")</script>" from "Urandom <script>alert(hi)</script>".14:17:22
@nephele:nheko.imnepheleh e h14:22:59
@nephele:nheko.imnepheletulir: what version of matrix static is that?14:29:02
@tulir:maunium.nettulir <script>alert("hi")</script>just pulled latest docker image14:33:29
@nephele:nheko.imnepheleso it's /now/ running the latest?14:33:50
@nephele:nheko.imnepheleI'll send an email... ugh14:35:26
@tulir:maunium.nettulir <script>alert("hi")</script>I already sent a message to t3chguy14:37:41
@nephele:nheko.imnepheleOkay, I did send an email to security@ though14:38:49
@nephele:nheko.imnephelematrix.org has a matrix static instance either way, so that seems correct to me :)14:39:08
@nephele:nheko.imnephele!sh echo Nico nico WRYY > /dev/name16:53:08

@urandom:maunium.netuwubot changed the room name to "Nico nico WRYY" from "Urandom <script>alert("hi")</script>".16:53:09
@nephele:nheko.imnephelehi nico16:53:21
* @deepbluev7:neko.devNico goes shopping, see ya16:53:33
@nephele:nheko.imnephelebye nico16:53:38
@nephele:nheko.imnephele Nico: lol, i did not expect my minetest gamemode to pop up on the matrix blog... 17:52:47
@deepbluev7:neko.devNicoIt did? Oh, because of my screenshot ;p20:04:54
@deepbluev7:neko.devNicoFree publicity :D20:05:00

