Wow this is very uncool, injected tracking script in instance description text. wtf ???
@MightyPork I don't / won't do that, but I'm not totally opposed to self-hosted analytics. They already have the server logs.
Exagone313 
@Exagone313 @MightyPork this a tracking script for a self-hosted piwik instance, and the script is only on the about page.
@angristan @Exagone313 it looks like some odd attempt at XSS if it's in the instance description JSON (maybe by accident, but not really good imo)
@MightyPork @angristan Is it meant to be displayed eslewhere? You wouldn't output unsafe html content anyway.
@MightyPork Is that sanitized somewhere? If not then there is a need for a PR.
@lx the backend is written in C99 and there's some rudimentary validation. You're more than welcome to write me an IP validator in C :P
@MightyPork Check the toot I replied to, I meant a different thread :P
@lx thats what you get for thread hopping:P
anyways the offer still stands :PP
@MightyPork I would, but I am lacking extra time for things like that. If I had the time, I would make a PR for dynamic page width for Mastodon. π
@MightyPork bonus for the least obfuscated filename required to get around ad blockers as well