Todd Sundsted
Release v3.3.8 of Ktistec

This release continues my focus on security instead of new features. As I wrote earlier this week, I rebuilt the template framework Ktistec uses with type safety as a central principle. What does that mean?

Imagine that you have an instance of a String that holds federated data. Where can you safely render that in a browser, and what operations (sanitization, escaping, etc.) do you need to do first?

The only way to answer that is to look carefully at the lineage of that data: where it came from, how it was stored, how it was transformed, and where it's rendered. A name holds text; an href or src attribute holds a URL. If you want to render a name inside an HTML element you should HTML escape it. You should escape href and src, too, but the escaping rules for URLs are slightly different from the HTML rules. It's easy to make mistakes.

Ktistec uses four "safe" types to express the contracts:

SafeHTML: A String wrapper marking HTML markup safe to emit raw into HTML data slots (text content, between tags).

SafeAttrValue: A String wrapper marking a value safe to emit raw inside a double-quoted HTML attribute (attr="..."), other than URL or event-handler slots.

SafeURI: A String wrapper marking a URL safe to emit raw into a URL attribute slot (href, src, action, etc.).

SafeJSON: A String wrapper marking JSON output safe to emit raw into the body of a <script type="application/json"> block.

Using the wrong type at a call site is either a compile-time error, or it triggers automatic sanitization of the underlying string value.
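To make the contract concrete, here is a small Crystal sketch of the idea (an added example, not Ktistec's own code): the four wrapper types from the list above, one `emit_*` helper per output slot, and the escaping rules I assume for each slot (the http/https allow-list for URLs, `</` escaping for JSON, `HTML.escape` for text and attributes).

```crystal
require "html"
require "json"
require "uri"

# One wrapper per output slot; the type records which contract was met.
record SafeHTML, value : String
record SafeAttrValue, value : String
record SafeURI, value : String
record SafeJSON, value : String

# URL slot contract (assumed here): absolute http(s) URLs only; anything else collapses to "".
def sanitize_uri(raw : String) : SafeURI
  uri = URI.parse(raw)
  return SafeURI.new("") unless uri.scheme.in?("http", "https") && uri.host
  SafeURI.new(uri.to_s)
rescue URI::Error
  SafeURI.new("")
end

# JSON slot contract: text must not close the enclosing <script>, so "</" becomes "<\/" (still valid JSON).
def sanitize_json(raw_json : String) : SafeJSON
  SafeJSON.new(raw_json.gsub("</", "<\\/"))
end

# Data slot: a bare String is HTML-escaped; SafeHTML is emitted raw.
def emit_text(value : String | SafeHTML) : String
  value.is_a?(String) ? HTML.escape(value) : value.value
end

# Attribute slot: same escaping, different marker type, so SafeHTML cannot be passed here by accident.
def emit_attr(value : String | SafeAttrValue) : String
  value.is_a?(String) ? HTML.escape(value) : value.value
end

# URL slot: a String is validated first, then attribute-escaped on output.
def emit_href(value : String | SafeURI) : String
  safe = value.is_a?(String) ? sanitize_uri(value) : value
  HTML.escape(safe.value)
end

# JSON slot: a String is serialised as a JSON string literal and then sanitized.
def emit_json(value : String | SafeJSON) : String
  (value.is_a?(String) ? sanitize_json(value.to_json) : value).value
end

# emit_href(SafeHTML.new("<a>"))  # compile-time error: no overload matches SafeHTML
puts emit_text("<b>Todd</b>")                  # &lt;b&gt;Todd&lt;/b&gt;
puts emit_href("ftp://example.com/feed")       # (empty: scheme not on the allow-list)
puts emit_href("https://example.com/?a=1&b=2") # https://example.com/?a=1&amp;b=2
puts emit_json("</script>")                    # "<\/script>"
```

The commented-out `emit_href(SafeHTML.new(...))` line is the compile-time branch; the `String` overloads are the automatic-sanitization branch.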

Here's the full changelog:

Added

  • String safety framework with typed "safe" strings.
  • New Slang template engine with compile-time safety checks.
  • Vendored WebFinger and HostMeta client shards.

Fixed

  • Prevent delivery to unknown IRIs.
  • Narrow Like/Dislike addressing to the liked object's author.

I have at least one more cleanup pass to do, and then I'll turn my attention back to the Mastodon-compatible API and a few features I've been looking forward to—like scheduled posts.

#ktistec #crystallang #activitypub #fediverse