
603 points scalewithlee | 4 comments
1. simonw No.43794126
"How could Substack improve this situation for technical writers?"

How about this: don't run a dumb as rocks Web Application Firewall on an endpoint where people are editing articles that could be about any topic, including discussing the kind of strings that might trigger a dumb as rocks WAF.

This is like when forums about web development implement XSS filters that prevent their members from talking about XSS!

Learn to escape content properly instead.

replies(3): >>43797484 #>>43797587 #>>43805706 #
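
An added illustration of the contrast drawn in the comment above (not code from the thread or from Substack): a signature-matching input filter rejects a draft that only discusses risky strings, while output escaping stores the text verbatim and renders it inertly. The patterns, function names and sample draft are constructed for the example.

```python
import html
import re

# Constructed signatures in the style of a pattern-matching WAF rule
# (illustrative only, not copied from any real rule set).
WAF_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"/etc/(passwd|hosts)"),
    re.compile(r"\bunion\s+select\b", re.I),
]


def waf_allows(body: str) -> bool:
    """Input filtering: reject the whole request if any signature matches."""
    return not any(p.search(body) for p in WAF_PATTERNS)


def render_article(title: str, body: str) -> str:
    """Output escaping: keep the stored text as written and encode it
    for the HTML element context at render time."""
    paragraphs = "".join(
        f"<p>{html.escape(p)}</p>" for p in body.split("\n\n") if p.strip()
    )
    return f"<article><h1>{html.escape(title)}</h1>{paragraphs}</article>"


# Constructed sample: a technical draft that merely mentions risky strings.
DRAFT = (
    "To test for XSS, reviewers often paste <script>alert(1)</script> "
    "into a form field.\n\n"
    "On Linux, local name resolution is configured in /etc/hosts."
)

if __name__ == "__main__":
    # The filter blocks a legitimate article (false positive) ...
    print("WAF allows draft:", waf_allows(DRAFT))
    # ... while escaping publishes it with the markup shown as text.
    print(render_article("Notes on XSS", DRAFT))
```
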
2. serial_dev No.43797484
Surprisingly simple solution
3. ZeroTalent No.43797587
Hire a cybersec person. I don't think they have one.
4. awoimbee No.43805706
I'm in the position where I have to run a WAF to pass security certifications. The only open source WAFs are modsecurity and its beta successor, coraza. These things are dumb, they just use OWASP's coreruleset which is a big pile of unreadable garbage.