New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

publish: let users provide exact silo post text in param/mf2 class #560

Closed
snarfed opened this Issue Nov 24, 2015 · 4 comments

Comments

Projects
None yet
2 participants
@snarfed
Owner

snarfed commented Nov 24, 2015

originally proposed here:

what if we support custom new webmention query params and/or mf2 classes that clients can use to give us the exact text they want to publish for a specific silo? that would relieve the pressure for complex transformations like this. sophisticated users/CMSes could use their own rich UI to craft this, then send it to us and we'd post it verbatim. unsophisticated users could keep using our existing translation. it would also let CMSes keep reusing our silo API implementations instead of doing it themselves, which i'm definitely for.

@kylewm

This comment has been minimized.

Show comment
Hide comment
@kylewm

kylewm Dec 2, 2015

Collaborator

👏 very innnnnteresting

Collaborator

kylewm commented Dec 2, 2015

👏 very innnnnteresting

@snarfed

This comment has been minimized.

Show comment
Hide comment
@snarfed

snarfed Dec 2, 2015

Owner

"Beware of bugs in the above code; I have only proved it correct, not tried it."

Owner

snarfed commented Dec 2, 2015

"Beware of bugs in the above code; I have only proved it correct, not tried it."

@kylewm

This comment has been minimized.

Show comment
Hide comment
@kylewm

kylewm Dec 3, 2015

Collaborator

if you have a post that embeds the brid.gy/publish/twitter link but hasn't been published yet (say on a site that embeds the link on every page for convenience) ... is there anything to prevent a malicious/mischievous 3rd party from sending a webmention with the &bridgy-twitter-content= parameter set to whatever they want?

Collaborator

kylewm commented Dec 3, 2015

if you have a post that embeds the brid.gy/publish/twitter link but hasn't been published yet (say on a site that embeds the link on every page for convenience) ... is there anything to prevent a malicious/mischievous 3rd party from sending a webmention with the &bridgy-twitter-content= parameter set to whatever they want?

@snarfed

This comment has been minimized.

Show comment
Hide comment
@snarfed

snarfed Dec 3, 2015

Owner

ooh, great catch! there absolutely is not; that's a huge hole.

the simple fix is just to drop the query param entirely, which I'm ok with, unless you can think of a safe way to keep it...?

Owner

snarfed commented Dec 3, 2015

ooh, great catch! there absolutely is not; that's a huge hole.

the simple fix is just to drop the query param entirely, which I'm ok with, unless you can think of a safe way to keep it...?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment