Lemmy Review
Funny, Bizarre and Awful. Here is a home to post Reviews, Feedback, Listings and Q&As from E-stores across the internet!
Rules:
1. Be Respectful
Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.
Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.
...
2. No Illegal Content
Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.
That means: -No promoting violence/threats against any individuals
-No CSA content or Revenge Porn
-No sharing private/personal information (Doxxing)
...
3. No Spam
Posting the same post, no matter the intent is against the rules.
-If you have posted content, please refrain from re-posting said content within this community.
-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.
-No posting Scams/Advertisements/Phishing Links/IP Grabbers
-No Bots, Bots will be banned from the community.
...
4. No Porn/Explicit
Content
-Do not post explicit content. Lemmy.World is not the instance for NSFW content.
-Do not post Gore or Shock Content.
...
5. No Enciting Harassment,
Brigading, Doxxing or Witch Hunts
-Do not Brigade other Communities
-No calls to action against other communities/users within Lemmy or outside of Lemmy.
-No Witch Hunts against users/communities.
-No content that harasses members within or outside of the community.
...
6. NSFW should be behind NSFW tags.
-Content that is NSFW should be behind NSFW tags.
-Content that might be distressing should be kept behind NSFW tags.
...
7. No shock content, gore or content unrelated to E-Store Reviews/Listings/Q&As/Customer Feedback.
-Content should relate to the E-Shopping Experience:
-Reviews
-Listings
-Q&As
-Customer Feedback
-Facebook Marketplace
...
8. Reposting of Reddit content is permitted, try to credit the OC.
-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.
...
Also check out:
Partnered Communities:
...
view the rest of the comments
If anything this is probably a vulnerability in a browser implementation (or one of the apps). I'd be surprised if Lemmy in and of itself is vulnerable to an attack via embedded JS in a picture.
No offense, but I think you're putting too much trust on the Lemmy code. I'm not saying the code is bad, but it's just as likely as other codes that the vulnerability is in Lemmy's code.
But lemmy itself shouldn't really interact with the images in terms of decoding them. Just having the code in the image may be weird but it should only affect code that actually tries to read and understand the bytes. Just passing it around shouldn't cause the code to be executed.
And the real decoding and displaying is hopefully done by the browsers Codebase, not by anything Lemmy does itself.
At least that's my line of reasoning. I may very well be off here.