faboosh

joined 1 year ago
[–] faboosh 2 points 1 year ago

Didn't expect to see brennan referenced here, noice

[–] faboosh 11 points 1 year ago (3 children)

Lemmy is the first platform I've come across that I'm actually excited to use in many years. Being federated and not motivated by profits (with all the tracking and selling of personal information that it entails) makes me feel like I'm not the product.

[–] faboosh 1 points 1 year ago

Also worth mentioning, iframes have a sandbox attribute which can be used to lock down which browser APIs it has access to (they can't access much out of the box anyway, but this allows further locking down).

Say you have a webserver rendering the Fumen sequence, you could have the step buttons just be links to the next/previous steps. This would require no JS to run within the iframe, which is a great step to harden security even further.

[–] faboosh 1 points 1 year ago

I just saw the updates regarding encoding it as a video, there isn't a good way to provide a slideshow without at least some JS, which kind of defeats the purpose of compatibility/universality. My take is that the iframe + light JS to mount it is the least headache and the most compatible.

[–] faboosh 1 points 1 year ago

I can't swear on it, but afaik iframes are fully sanboxed.

[–] faboosh 1 points 1 year ago* (last edited 1 year ago) (5 children)

Just spitballing, but you might not even need to inject much JS on the lemmy side. This sounds like something that could load in an iframe, pointed to a server that can render the Fumen sequence. The injected Lemmy JS could then identify the Fumen sequence, and inject the iframe. Main issue I see with this is mobile users, where you can't really inject code at runtime.

EDIT: Saw that you mentioned using iframes already, I'm seconding that option. I also think it could be neat to use something like code blocks with tags, say !#fumen [insert fumen string here]

[–] faboosh 1 points 1 year ago

omg her eyes!!!

[–] faboosh 3 points 1 year ago

Really nice job so far! If you don't mind me asking, how did you manage to get around CORS? I've started tinkering with the official JS client and ran into issues.

[–] faboosh 2 points 1 year ago

gravity defying sploot

268
submitted 1 year ago by faboosh to c/cat
 

he just does that sometimes