< 1613606975 132776 :spruit11!~unknown@86-82-44-193.fixed.kpn.net QUIT :Read error: No route to host
< 1613608172 896507 :spruit11!~unknown@86-82-44-193.fixed.kpn.net JOIN :#esoteric
< 1613609739 93031 :arseniiv!~arseniiv@136.169.205.6 QUIT :Ping timeout: 256 seconds
< 1613612370 824704 :spruit11!~unknown@86-82-44-193.fixed.kpn.net QUIT :Quit: Lost terminal
< 1613612833 165681 :spruit11!~unknown@86-82-44-193.fixed.kpn.net JOIN :#esoteric
< 1613615570 135382 :Lord_of_Life_!~Lord@unaffiliated/lord-of-life/x-0885362 JOIN :#esoteric
< 1613615605 413790 :Lord_of_Life!~Lord@unaffiliated/lord-of-life/x-0885362 QUIT :Ping timeout: 240 seconds
< 1613615653 187876 :Lord_of_Life_!~Lord@unaffiliated/lord-of-life/x-0885362 NICK :Lord_of_Life
< 1613616973 887725 :paul2520_!~paul2520@paulkaefer.com JOIN :#esoteric
< 1613617173 545608 :HackEso!~h@unaffiliated/fizzie/bot/hackeso QUIT :Ping timeout: 240 seconds
< 1613617173 680530 :paul2520!~paul2520@unaffiliated/paul2520 QUIT :Ping timeout: 240 seconds
< 1613617174 279142 :HackEso!~h@techne.zem.fi JOIN :#esoteric
< 1613617174 503488 :HackEso!~h@techne.zem.fi QUIT :Changing host
< 1613617174 503540 :HackEso!~h@unaffiliated/fizzie/bot/hackeso JOIN :#esoteric
< 1613617181 149478 :int-e!~noone@int-e.eu QUIT :Ping timeout: 244 seconds
< 1613617314 699214 :fungot!~fungot@unaffiliated/fizzie/bot/fungot QUIT :Ping timeout: 240 seconds
< 1613617416 272542 :fungot!~fungot@unaffiliated/fizzie/bot/fungot JOIN :#esoteric
< 1613617529 128195 :int-e!~noone@int-e.eu JOIN :#esoteric
< 1613617902 364942 :clog!~nef@bespin.org JOIN :#esoteric
< 1613618126 639257 :ais523!~ais523@unaffiliated/ais523 QUIT :Remote host closed the connection
< 1613618198 348755 :ais523!~ais523@unaffiliated/ais523 JOIN :#esoteric
< 1613618440 198081 :ais523!~ais523@unaffiliated/ais523 QUIT :Remote host closed the connection
< 1613618513 501033 :ais523!~ais523@unaffiliated/ais523 JOIN :#esoteric
> 1613618534 524690 PRIVMSG #esoteric :[[PRSCNT]] https://esolangs.org/w/index.php?diff=80796&oldid=80657 * Hakerh400 * (+2769) Add interpreter, add INP instruction for input, explain computational class, revert old examples
< 1613618696 365093 :HackEso!~h@unaffiliated/fizzie/bot/hackeso QUIT :Ping timeout: 240 seconds
< 1613618735 60596 :HackEso!~h@unaffiliated/fizzie/bot/hackeso JOIN :#esoteric
< 1613619828 351995 :ais523!~ais523@unaffiliated/ais523 QUIT :Remote host closed the connection
< 1613619902 94514 :ais523!~ais523@unaffiliated/ais523 JOIN :#esoteric
< 1613620304 913646 :tromp!~tromp@dhcp-077-249-230-040.chello.nl QUIT :Read error: Connection reset by peer
< 1613620337 338303 :tromp!~tromp@dhcp-077-249-230-040.chello.nl JOIN :#esoteric
> 1613626022 172239 PRIVMSG #esoteric :[[PRSCNT]] M https://esolangs.org/w/index.php?diff=80797&oldid=80796 * Hakerh400 * (+1) /* Computational class */
< 1613626102 803878 :craigo!~craigo@144.136.206.168 JOIN :#esoteric
< 1613629807 539838 :delta23!~deltaepsi@unaffiliated/deltaepsilon23 QUIT :Quit: Leaving
< 1613632489 326310 :zzo38!~zzo38@host-24-207-14-22.public.eastlink.ca PRIVMSG #esoteric :I had designed a computer video processor before (never implemented), with its own instruction set, and during each scanline you can set the addresses for the planes and index data independently, even overlapping if you want to.
< 1613632547 430058 :zzo38!~zzo38@host-24-207-14-22.public.eastlink.ca PRIVMSG #esoteric :Although not the intention, I later realized that one effect that can be generated with this without too much difficulty is drop shadows. At first I thought only vertical drop shadows, but later I realized how to do drop shadows in any direction (other than purely horizontally), by skewing the picture.
< 1613632561 421444 :zzo38!~zzo38@host-24-207-14-22.public.eastlink.ca PRIVMSG #esoteric :Other effects that were not the intention are probably also possible.
< 1613632579 374392 :zzo38!~zzo38@host-24-207-14-22.public.eastlink.ca PRIVMSG #esoteric :(As well as some that probably were the intention at first.)
< 1613632700 793693 :imode!~imode@unaffiliated/imode JOIN :#esoteric
< 1613633573 266976 :zzo38!~zzo38@host-24-207-14-22.public.eastlink.ca PRIVMSG #esoteric :Stealth Thrower {?} Creature - ? (1/1) ;; {T}: ~ deals 3 damage to target creature or planeswalker. Flip a coin; if heads, shuffle ~ and all permanents attached to it into their owner's library.
< 1613633897 258134 :imode!~imode@unaffiliated/imode QUIT :Quit: WeeChat 3.0
< 1613633953 525632 :LKoen!~LKoen@136.169.9.109.rev.sfr.net JOIN :#esoteric
< 1613635972 851308 :Sgeo!~Sgeo@ool-18b98aa4.dyn.optonline.net QUIT :Read error: Connection reset by peer
< 1613637060 392596 :ArthurStrong!~ArthurStr@92.60.177.45 JOIN :#esoteric
< 1613637231 371419 :sprock!~sprocklem@unaffiliated/sprocklem QUIT :Ping timeout: 246 seconds
< 1613638281 375287 :ArthurStrong!~ArthurStr@92.60.177.45 QUIT :Ping timeout: 246 seconds
< 1613639248 1861 :LKoen!~LKoen@136.169.9.109.rev.sfr.net QUIT :Read error: Connection reset by peer
< 1613639284 504639 :LKoen!~LKoen@136.169.9.109.rev.sfr.net JOIN :#esoteric
< 1613639389 101813 :hendursa1!~weechat@gateway/tor-sasl/hendursaga JOIN :#esoteric
< 1613639441 845743 :hendursaga!~weechat@gateway/tor-sasl/hendursaga QUIT :Ping timeout: 268 seconds
> 1613640524 79567 PRIVMSG #esoteric :[[Special:Log/newusers]] create * AGuy * New user account
> 1613641133 904338 PRIVMSG #esoteric :[[Esolang:Introduce yourself]] https://esolangs.org/w/index.php?diff=80798&oldid=80775 * AGuy * (+78) /* Introductions */
> 1613641308 563552 PRIVMSG #esoteric :[[Esolang:Introduce yourself]] https://esolangs.org/w/index.php?diff=80799&oldid=80798 * AGuy * (+8) /* Introductions */
> 1613641386 777147 PRIVMSG #esoteric :[[Esolang:Introduce yourself]] https://esolangs.org/w/index.php?diff=80800&oldid=80799 * AGuy * (+30) /* Introductions */
< 1613641485 826569 :tromp!~tromp@dhcp-077-249-230-040.chello.nl QUIT :Remote host closed the connection
< 1613641744 517854 :tromp!~tromp@dhcp-077-249-230-040.chello.nl JOIN :#esoteric
< 1613641862 5210 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :ah yes, the internet is so great. if the latest fashionable app that job wants us to use, and there's a problem with it, I can use a web search to find other people complaining about the same problem.
< 1613642143 518066 :ArthurStrong!~ArthurStr@178-133-129-102.mobile.vf-ua.net JOIN :#esoteric
< 1613643203 114445 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :for reference, the Microsoft Teams non-browser version does not care about Windows's locale when displaying datetimes. It has its own locale settings, but you can't set date formats, only pick a full locale that includes messages. A partial workaround is to select United Kingdom as its locale, which at least displays times like "14:00" instead of
< 1613643203 670790 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :"2:00 PM" or "2:00 p.m.", but still uses a weird format for dates.
< 1613643547 495021 :fizzie!fis@unaffiliated/fizzie PRIVMSG #esoteric :Are the UK dates DD/MM/YYYY? That's what I mostly see here, which I'm reasonably okay with given that it's in the "right" order, but OTOH using slashes makes it look like one of those bad US dates.
< 1613643681 290725 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :fizzie: it displays "Thursday, 18 February 2021 @ 14:00" as long datetime, and apparently "Yesterday" and "12/02 09:52" for abbreviated datetime, and even "12 Feb 2021 09:52" as a tooltip for that.
< 1613643703 926052 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :I haven't seen "DD/MM/YYYY" yet, but perhaps I'll find it elsewhere. there are many tabs and plugins.
< 1613643739 959246 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :ah yes, there's a "15/06/2020 21:51" too
< 1613643860 380275 :fizzie!fis@unaffiliated/fizzie PRIVMSG #esoteric :Right, I didn't think of the "text" ones. But DD/MM and DD/MM/YYYY (and maybe DD/MM/YY) are common "numeric" ones.
< 1613643940 739352 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :Windows and its built-in programs like Explorer are made well enough, less affected by fashionable trends of replacing apps every year, so File Explorer says "2020-08-29 17:14" for a file modification time
< 1613643983 391649 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :Outlook is somewhere in between, it shows "2021-02-05" sometimes, but also "Fri 02-12" for more recent mails.
< 1613643998 486848 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :and "Sun 19:22" for even more recent ones.
> 1613644102 612938 PRIVMSG #esoteric :[[User:AGuy]] N https://esolangs.org/w/index.php?oldid=80801 * AGuy * (+257) Who I Am
< 1613645162 539497 :nakilon!~nakilon@62.241.154.104.bc.googleusercontent.com PRIVMSG #esoteric :remember I told about the letter Ёё,
< 1613645201 115853 :nakilon!~nakilon@62.241.154.104.bc.googleusercontent.com PRIVMSG #esoteric :there is a monument in its honor: https://ru.wikipedia.org/wiki/%D0%9F%D0%B0%D0%BC%D1%8F%D1%82%D0%BD%D0%B8%D0%BA_%D0%B1%D1%83%D0%BA%D0%B2%D0%B5_%C2%AB%D1%91%C2%BB
< 1613645299 311369 :nakilon!~nakilon@62.241.154.104.bc.googleusercontent.com PRIVMSG #esoteric :oh there is also a monument to this one https://ru.wikipedia.org/wiki/%D0%9F%D0%B0%D0%BC%D1%8F%D1%82%D0%BD%D0%B8%D0%BA_%D0%B1%D1%83%D0%BA%D0%B2%D0%B5_%D3%A7
< 1613645323 681470 :nakilon!~nakilon@62.241.154.104.bc.googleusercontent.com PRIVMSG #esoteric :it's from a sub-Russia republic alphabet https://ru.wikipedia.org/wiki/%D0%9F%D0%B8%D1%81%D1%8C%D0%BC%D0%B5%D0%BD%D0%BD%D0%BE%D1%81%D1%82%D1%8C_%D0%BA%D0%BE%D0%BC%D0%B8
< 1613645345 825603 :nakilon!~nakilon@62.241.154.104.bc.googleusercontent.com PRIVMSG #esoteric :(above link in English https://en.wikipedia.org/wiki/Komi_alphabets)
< 1613645418 154023 :ais523!~ais523@unaffiliated/ais523 QUIT :Ping timeout: 272 seconds
< 1613646448 685975 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :nakilon: I wanted to say that I find a monument to a letter strange, but then I realized that we in Budapest have a statue of the numeral zero in the city https://commons.wikimedia.org/wiki/Category:Zero_Kilometre_Stone_(Budapest)
< 1613647204 847244 :fizzie!fis@unaffiliated/fizzie PRIVMSG #esoteric :I don't think anyone's put up a monument for the letters ä, ö or å in Finland. Though I guess it wouldn't surprise me hugely if there was a big Å somewhere on Åland Islands.
< 1613649029 67957 :nakilon!~nakilon@62.241.154.104.bc.googleusercontent.com PRIVMSG #esoteric :wib_jonas that monument looks like I will not say what
< 1613649307 976811 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :It's a numeral 0, not a numeral 1
< 1613649921 631454 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :fungot, why does this script work only if I give a type to this function parameter, not if I leave the type undeclared? that shouldn't matter in VBA, except sometimes for giving an error message if the wrong type is passed.
< 1613649921 713933 :fungot!~fungot@unaffiliated/fizzie/bot/fungot PRIVMSG #esoteric :wib_jonas: don't people say that there's only one person you can have a low moral fibre. you can only have poor ethical training, t-rex
< 1613649969 799564 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 PRIVMSG #esoteric :and what the heck happens when I don't declare the type and I get a silent error that halfway pretends to work but doesn't actually
< 1613650280 378083 :nakilon!~nakilon@62.241.154.104.bc.googleusercontent.com PRIVMSG #esoteric :t-rex, you only have poor ethical training
< 1613650776 849620 :nakilon!~nakilon@62.241.154.104.bc.googleusercontent.com PRIVMSG #esoteric :"ë"=="ё"
< 1613650777 10419 :nakilon!~nakilon@62.241.154.104.bc.googleusercontent.com PRIVMSG #esoteric :=> false
< 1613650805 881233 :nakilon!~nakilon@62.241.154.104.bc.googleusercontent.com PRIVMSG #esoteric :they look different in my terminal font and the same in IRC
< 1613650855 413453 :nakilon!~nakilon@62.241.154.104.bc.googleusercontent.com PRIVMSG #esoteric :ACTION thought sanitizing 800'000 news websites article titles would be easy
< 1613652721 375361 :arseniiv!~arseniiv@136.169.205.6 JOIN :#esoteric
< 1613652871 30934 :fizzie!fis@unaffiliated/fizzie PRIVMSG #esoteric :I tried to write a macro in LibreOffice Basic once, and found it approximately as painful as VBA.
< 1613652923 325682 :fizzie!fis@unaffiliated/fizzie PRIVMSG #esoteric :(I think it lets you write in Python too, though.)
< 1613654425 126013 :LKoen!~LKoen@136.169.9.109.rev.sfr.net QUIT :Remote host closed the connection
< 1613655775 878309 :LKoen!~LKoen@136.169.9.109.rev.sfr.net JOIN :#esoteric
< 1613656215 309028 :LKoen!~LKoen@136.169.9.109.rev.sfr.net QUIT :Quit: “It’s only logical. First you learn to talk, then you learn to think. Too bad it’s not the other way round.”
< 1613657165 418977 :Sgeo!~Sgeo@ool-18b98aa4.dyn.optonline.net JOIN :#esoteric
< 1613657348 847739 :tromp!~tromp@dhcp-077-249-230-040.chello.nl QUIT :Remote host closed the connection
< 1613657491 381187 :tromp!~tromp@dhcp-077-249-230-040.chello.nl JOIN :#esoteric
< 1613657679 95819 :Arcorann_!~awych@159-196-65-46.9fc441.mel.nbn.aussiebb.net QUIT :Ping timeout: 256 seconds
< 1613658077 232389 :hendursa1!~weechat@gateway/tor-sasl/hendursaga QUIT :Quit: hendursa1
< 1613658099 874616 :hendursaga!~weechat@gateway/tor-sasl/hendursaga JOIN :#esoteric
< 1613658218 205038 :tromp!~tromp@dhcp-077-249-230-040.chello.nl QUIT :Remote host closed the connection
< 1613658376 378583 :tromp!~tromp@dhcp-077-249-230-040.chello.nl JOIN :#esoteric
< 1613661549 833059 :LKoen!~LKoen@136.169.9.109.rev.sfr.net JOIN :#esoteric
< 1613665545 332897 :ArthurStrong!~ArthurStr@178-133-129-102.mobile.vf-ua.net QUIT :Ping timeout: 240 seconds
< 1613665783 221349 :wib_jonas!25bf3cd1@gateway/web/cgi-irc/kiwiirc.com/ip.37.191.60.209 QUIT :Quit: Connection closed
< 1613666409 799201 :spruit11!~unknown@86-82-44-193.fixed.kpn.net QUIT :Read error: No route to host
< 1613666455 721413 :spruit11!~unknown@86-82-44-193.fixed.kpn.net JOIN :#esoteric
< 1613671849 13235 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :#esoteric, I have basic dumb questions about how modern web security works. there are two types of attacks where a website can try to abuse that the user has cookies to another website in the same browser. the first type is when the user tries to submit a form on https://anime.example , but the form target is actually https://bank.example/send which sends money to the owner of anime.example , and if the
< 1613671855 21047 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :user happens to be logged into https://bank.example with the cookie, then this will use the user's bank account. there's an old method to protect against this first type: the bank.example's actual form has an unpredictable token in a hidden input field that the server checks on submit, anime.example can't forge that token in their own form. but you can't use that to fix all attacks of the second kind,
< 1613671861 37192 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :which is when https://anime.example has a button-sized iframe that loads https://bank.example and scrolls it to where hopefully the send button will appear, and pretends that that button is the review anime episode button so the user clicks on it. I believe there's some modern web magic involving HTTP headers that lets you protect against the second type of attack, and possibly also against the first
< 1613671867 38593 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :type. what exactly is this and where can I read the details, especially from the perspective of what I have to do if I'm writing the HTTP server software at https://bank.example ?
< 1613671876 489613 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :all of this can be complicated with client-side scripts, but both basic attacks are possible without scripting.
< 1613671906 176071 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :after I understand this, I'll also want to figure out how the heck xmlhttprequest and websocket works, including the same security things.
< 1613672391 215481 :tromp!~tromp@dhcp-077-249-230-040.chello.nl QUIT :Remote host closed the connection
< 1613674081 110767 :ArthurStrong!~ArthurStr@178-133-129-102.mobile.vf-ua.net JOIN :#esoteric
< 1613674190 176503 :tromp!~tromp@dhcp-077-249-230-040.chello.nl JOIN :#esoteric
< 1613674746 222746 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :also my new corrective glasses (same as the old one basically) are ready, I'll probably pick it up tomorrow
< 1613675051 948303 :tromp!~tromp@dhcp-077-249-230-040.chello.nl QUIT :Remote host closed the connection
< 1613675707 195870 :pikhq!sid394595@gateway/web/irccloud.com/x-kibzupzhkkvzdppb QUIT :Remote host closed the connection
< 1613675770 818464 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :b_jonas: I think that is managed through https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
< 1613675810 570961 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :specifically https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
< 1613675821 858016 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :there's also an older, simpler mechanism https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
< 1613675877 447295 :dnm!sid401311@gateway/web/irccloud.com/x-qfqrbyavdfoqnreb QUIT :Ping timeout: 264 seconds
< 1613675928 825383 :dnm!sid401311@gateway/web/irccloud.com/x-wqqjmtwmxpiyoquj JOIN :#esoteric
< 1613676246 758076 :zzo38!~zzo38@host-24-207-14-22.public.eastlink.ca PRIVMSG #esoteric :I think there is a better way that could be done, but as far as I know is not implemented. This involves user settings that can apply to iframes, restricting the CSS that can apply to iframes (except for printed documents), allowing the user to detach iframes, having the option to always display the URL of iframes, and allowing separate sessions for iframes.
< 1613676362 41561 :zzo38!~zzo38@host-24-207-14-22.public.eastlink.ca PRIVMSG #esoteric :(A similar thing is possible with forms, too; if the origin is different, it can avoid sending cookies, or warn the user first. The user may also wish to examine the form before sending it even if the origin is the same; this is usually already possible (using the web developer tools), although scripts in the document can mess this up.)
< 1613676381 687942 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :kmc: thanks. isn't there something that controls when the cookies are sent?
< 1613676669 928101 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :kmc: I don't understand this Content-Security-Policy. isn't this about a different type of attack, where the page wants to protect against user-submitted content that the server does not properly validate and so the HTML contains scripts that execute in the displaying page's context?
< 1613676678 794542 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :that is important, but isn't the kind of attack I'm asking about
< 1613676687 852456 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :but maybe I just don't understand what Content-Security-Policy does
< 1613676743 617366 :tromp!~tromp@dhcp-077-249-230-040.chello.nl JOIN :#esoteric
< 1613676769 599938 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :hmm, maybe Content-Security-Policy concerns both, but frame-ancestor and https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#navigation_directives are about the attacks I'm asking about
< 1613677142 605845 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :yeah it may encompass mitigations against XSS too
< 1613677165 565349 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :but that's mostly handled on the server side, with proper escaping/validation of user-supplied content
< 1613677194 171692 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :as i understand it frame-ancestor lets the server tell the browser not to load the page it's currently serving up as an iframe of another site
< 1613677205 991711 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :which prevents clickjacking attacks like you described
< 1613677732 453057 :tromp!~tromp@dhcp-077-249-230-040.chello.nl QUIT :Remote host closed the connection
< 1613677796 641117 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :kmc: so what are you supposed to use against the first type of attack? a token in a hidden input in basically every POST form?
< 1613677812 830303 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :or Referer magic?
< 1613677833 982392 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :I think the tokens are still used on big sites, so they might still be good practice
< 1613677860 148482 :b_jonas!~a@catv-176-63-11-165.catv.broadband.hu PRIVMSG #esoteric :but I expect there's something more to this than the iframe thing and the tokens, related directly to cookies
< 1613678012 304076 :pikhq!sid394595@gateway/web/irccloud.com/x-zlulmghkaikjpekc JOIN :#esoteric
< 1613678122 608563 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :I mean you could tell your browser to block all cross-domain iframes and POSTs
< 1613678127 633659 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :but it would also break a lot of legit use cases
< 1613678135 521737 :scoofy_!~scoofy@catv-89-135-21-225.catv.broadband.hu JOIN :#esoteric
< 1613678137 344079 :scoofy!~scoofy@catv-89-135-21-225.catv.broadband.hu PART :#esoteric
< 1613678142 79219 :TheLie!~TheLie@business-24-134-17-157.pool2.vodafone-ip.de JOIN :#esoteric
< 1613678155 221347 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :there is a subtle line between allowing different sites to interact and share content versus allowing malicious behavior
< 1613678206 59454 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :and then there are other use cases like advertising and tracking where the user might want to prevent collaboration between multiple sites that *do* want to collaborate
< 1613678216 168339 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :and of course something like Content-Security-Policy does not address that
< 1613678237 95712 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :I think that the CSRF token in forms is still a best practice, yes
< 1613678277 698663 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :for example Django enables it by default
< 1613678347 144469 :kmc!~beehive@unaffiliated/kmcallister PRIVMSG #esoteric :all you have to do is put {% csrf_token %} somewhere inside your