@vitobotta.com on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Vito Botta

vitobotta.com

did:plc:fw6vwfuptwdbfgx2jvoi4igb

It's a flaw in the security mechanism itself, not just another injection point. Rails apps using SafeBuffer with the % operator for formatting could be exposing XSS vulnerabilities without realising their protection layer is compromised. 2/2

2026-04-10T21:54:47.514Z