Piggo is a user on dev.glitch.social.
Piggo @MightyPork

Wow this is very uncool, injected tracking script in instance description text. wtf ???

dev.glitch.social/media/ly14kv


@MightyPork bonus for the least obfuscated filename required to get around ad blockers as well

@MightyPork I don't / won't do that, but I'm not totally opposed to self-hosted analytics. They already have the server logs.

@Exagone313 @MightyPork this is a tracking script for a self-hosted piwik instance, and the script is only on the about page.

@angristan @Exagone313 it looks like some odd attempt at XSS if it's in the instance description JSON (maybe by accident, but not really good imo)

@MightyPork @angristan Is it meant to be displayed elsewhere? You wouldn't output unsafe html content anyway.

@MightyPork Is that sanitized somewhere? If not then there is a need for a PR.

@lx the backend is written in C99 and there's some rudimentary validation. You're more than welcome to write me an IP validator in C :P

@MightyPork Check the toot I replied to, I meant a different thread :P

@lx that's what you get for thread hopping :P
anyways the offer still stands :PP

@MightyPork I would, but I am lacking extra time for things like that. If I had the time, I would make a PR for dynamic page width for Mastodon. 😄