Alice Averlong🏳️⚧️anyone know why a service would escape slashes (not backslashes, forward slashes) in their JSON?
like this shit is all {"url":"http:\/\/www.foobar.egg\/web\/site.html"}
is this because /foo/ is a regex string in JS?
but they're inside quotes!
brennen
Brooke Vibber 
emily, blinkenlight witch@foone I cannot think of a *good* reason, but bad reasons include that or "trying to use the whole ass url as a filesystem path component somewhere"
they didn't escape . so probably not regex
they didn't escape . so probably not regex
@foone cursed DSL where both / and \ work as string escape prefixes
Hugo Mills
afewchoicewords@darkling ..that's so evil
@afewchoicewords Why, thank you. 
@brennen @foone / as an escape *suffix*
\n = n/
\t = t/
\/ = \/, accidentally ambiguous because someone let the C people do syntax again, later defined to mean / as a patch
edit: you know you're good at computer when your shitposts find bugs in your fedi server https://codeberg.org/superseriousbusiness/gotosocial/issues/4762
\n = n/
\t = t/
\/ = \/, accidentally ambiguous because someone let the C people do syntax again, later defined to mean / as a patch
edit: you know you're good at computer when your shitposts find bugs in your fedi server https://codeberg.org/superseriousbusiness/gotosocial/issues/4762
[bug] Markdown escaping rules applied even when Markdown is turned off
### Describe the bug with a clear and concise description of what the bug is. I made [this post](https://fedi.uni.horse/@emily/statuses/01KKSSWHXVSYFV3R3XQTBSB7PT), in which I suggested a cursed variant of backslash escapes. In the process, I discovered a different cursed variant of backslash es...
mirth
Raven667
mirabilos
Negative12DollarBill@foone To stop them turning up as clickable when viewed, maybe?
elsa sloth-ringen@foone that would not be enough backslashes for regex-escaping : 1 backslash would be intercepted by the JSON instead of the software reading the json
gloriouscow@foone if you have JSON in a script tag you need to escape it
this is somewhat analogous to saying if you are going to wear pants on your head you need to take your keys and phone out of your pockets, but hey
@gloriouscow oh, maybe.
dumb but maybe
dumb but maybe
@gloriouscow the site I'm subtweeting that does this is tumblr, who are known to have a little bit of a pants-on-head approach to software development, so it wouldn't surprise me
ah yes tumblr
the site that makes me think "this site has people just like me on it and that is exactly why i will never go there"
@gloriouscow aww, don't you want to be around people just like you?
is this a self-hatred thing?
sorry i keep telling myself to knock it off with the self-deprecating humor; but it slips out now and then
@foone maybe to rephrase -
the bests posts from tumblr inevitably wind up on reddit or somewhere, so you can sort of enjoy the best of it without ever having to find yourself in a heated philosophical debate over the ethics of marrying a pokemon
@gloriouscow true but if you find the right parts of tumblr (and block anyone trying to cause drama) you end up in the parts where they'd only argue about which pokemon is the hottest
to wax a bit more serious, there's a certain sort of unfettered, unashamed honesty there, at least from the filtered snapshots of it that become viral in someway, that one really only finds in lgbt+, neurodivergent and furry communities (did i just repeat myself three times?), the sort of bravery that I both inherently respect and involuntarily cringe at, like using your puppy mask as your profile pic on facebook
this has been a struggle my entire life, as I often feel like an outsider even in the communities that should feel small and inclusive, to the point where if someone made like an anthropomorphic bovine retrocompter enthusiast meetup forum i'd look at it and go ahhh i probably wouldn't fit in there.
in the end when you look back at a lifetime of doing this, you notice that squandered a lot of opportunities for joy and kinship, to try to preserve your reputation among a group of people you never even cared about and who never cared about you.
if fear is the mind killer, cringe is the soul killer.
@gloriouscow I know the feeling. It's something I've worked hard to get over, and only recently made any progress at getting over.
All I can say is that there's plenty of accepting places, if you can work up the courage to join them. And I'd be happy to help in any way I can!
@foone thank you Alice. As long as you're out there somewhere, tearing apart the machinery of our childhoods with your special brand of distilled chaos, I will never feel truly alone.
also, before anyone asks, lucario. definitely lucario
@gloriouscow oh, everyone wants Lucario!
felidoptera (chridd)@foone I just looked in developer tools and the request I saw had unescaped slashes.
View source shows a script tag with JSON in it, and that also has unescaped slashes for me and doesn't seem to have any escaped slashes.
(Maybe it only does it if there's </ somewhere in the JSON, or something like that?)
Dave Brotherstone@foone @gloriouscow definitely not dumb, it's the shortest way to escape it. <script>window.data={"username":"</script><script>console.log('all your cookies are belong to us');//","roles":["admin"]};</script>
I think Google escapes / in JSON with a \u code, which is a bit longer, but prob more officially correct, although standard says (I think) that \<unrecognized char> is just <unrecognized char>, so it works officially everywhere.
Random Damage 🌻@foone Multiple layers of decoding and at least one of them doesn't do its own input sanitization?
Chung-chieh Shan 單中杰@foone fwiw Perl's quotemeta function would escape / but it would also escape .
Great Joe
Daniel
Mx. H. Wren D'Arcy@foone "how can i make more Ws and Vs in my code i love those fuckin letters"
⁂ Fish Id Wardrobe@foone by mistake?
redsakana@foone
Practically, they might be using the one Python JSON library that does this by default for whatever reason (ujson, I think)
Practically, they might be using the one Python JSON library that does this by default for whatever reason (ujson, I think)
@redsakana I think the backend for this is PHP, annoyingly enough
Andrew Golding@foone coming in way late on this one, was reading RFC 8259 in order to write a JSON parser in Lisp and section 7 on strings defines a section at the end that calls out / as a character to escape. I think most encoders don't do this because it's pretty nutter butter. Of course, same section / is in the range of unescaped characters.
Guess that goes into the "must accept on decode but don't send it that way" bucket.