613 points scalewithlee | 1 comments
simonw No.43794126
"How could Substack improve this situation for technical writers?"

How about this: don't run a dumb as rocks Web Application Firewall on an endpoint where people are editing articles that could be about any topic, including discussing the kind of strings that might trigger a dumb as rocks WAF.

This is like when forums about web development implement XSS filters that prevent their members from talking about XSS!

Learn to escape content properly instead.

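An added example, not part of the comment above or of any code from the thread: one way to "escape content properly" so that an article editor can accept text a pattern-matching WAF would reject. The table schema, function names and sample article are assumptions constructed for illustration.

```python
import html
import sqlite3

# Constructed sample article: text a pattern-matching WAF would typically flag,
# but which is legitimate content for a technical write-up.
SAMPLE_TITLE = 'XSS 101: "<script>" and friends'
SAMPLE_BODY = (
    "A classic probe is <script>alert(1)</script>.\n"
    "For SQL injection, people try ' OR '1'='1' -- in a login form.\n"
    "On Linux, name lookups consult /etc/hosts first."
)


def open_store():
    """In-memory article store (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    return db


def save_article(db, title, body):
    # Parameter binding keeps the text out of the SQL grammar entirely,
    # so quotes and comment markers in the article are just data.
    cur = db.execute("INSERT INTO articles (title, body) VALUES (?, ?)", (title, body))
    db.commit()
    return cur.lastrowid


def render_article(db, article_id):
    title, body = db.execute(
        "SELECT title, body FROM articles WHERE id = ?", (article_id,)
    ).fetchone()
    # Escape at output time, for the context the value lands in.
    # quote=True also escapes " and ', which the attribute context needs.
    safe_title = html.escape(title, quote=True)
    paragraphs = "".join(
        f"<p>{html.escape(line, quote=True)}</p>" for line in body.splitlines()
    )
    return f'<article data-title="{safe_title}"><h1>{safe_title}</h1>{paragraphs}</article>'


if __name__ == "__main__":
    db = open_store()
    print(render_article(db, save_article(db, SAMPLE_TITLE, SAMPLE_BODY)))
```

The stored text is byte-for-byte what the writer typed; only the rendered HTML is transformed, and only for the context it is placed in.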
1. awoimbee No.43805706
I'm in the position where I have to run a WAF to pass security certifications. The only open source WAFs are ModSecurity and its beta successor, Coraza. These things are dumb, they just use OWASP's coreruleset which is a big pile of unreadable garbage.