…
Ahahah, tumblr that is the laziest thing ever.
I predict the next stop is to do this check server side.
Where it will take an entire five seconds to go around.
tbh i’d like to think that tumblr took a couple more steps than just this to fix the issue and that this was just like, an extra precautionary step, but EVEN SO it would still be incredibly funny bc it’s just so ……………….. i can’t even describe it, like, either someone at tumblr actually thought this would completely stump people OR they think the tumblr userbase is so completely incompetent that they wouldn’t figure it out? yikes
ALSO IF U GOT THE TIME/EFFORT COULD YOU EXPLAIN HOW DOING THE CHECK SERVER-SIDE WOULD BE EASY TO GO AROUND … i’ve got almost no background in webdev whatsoever; i thought usually you want to do validations/checks like this on the backend?
You do! However, when you start letting users remote include code (say like linking javascript) it becomes tricky. They always have the option of obfuscating the javascript they send to you, or taking the remote JS and replacing it with something else after you’ve done the check server side, or being really sneaky and serving you one script and something else to everyone else! Which is why you never never ever trust user input.
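An added example, not part of the thread above and not Tumblr's code: one way a site can defend against the "swap it after the check" and "serve the reviewer one script and everyone else another" cases is to pin the exact bytes that were reviewed with a Subresource Integrity hash, so each visitor's browser re-checks what it actually receives. The function names, the example.com URL and the two script bodies are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// SRI value in the form browsers expect: "<alg>-<base64 digest>".
function sriHash(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Review time: record the hash of exactly the bytes that were inspected.
function pinScript(url, reviewedBody) {
  return { url, integrity: sriHash(reviewedBody) };
}

function escapeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');
}

// Render time: emit the pin with the tag. The browser hashes the response it
// receives and refuses to run it on a mismatch, so the check happens on the
// bytes delivered to that visitor, not on the copy the server fetched earlier.
function scriptTag(pin) {
  return `<script src="${escapeAttr(pin.url)}" integrity="${pin.integrity}"` +
         ' crossorigin="anonymous"></script>';
}

// The same comparison done in Node, e.g. for a monitoring job that re-fetches
// pinned URLs and alerts when the remote host starts serving different bytes.
function matchesPin(pin, servedBody) {
  const cut = pin.integrity.indexOf('-');
  const alg = pin.integrity.slice(0, cut);
  const expected = Buffer.from(pin.integrity.slice(cut + 1), 'base64');
  const actual = crypto.createHash(alg).update(servedBody).digest();
  return expected.length === actual.length &&
         crypto.timingSafeEqual(expected, actual);
}

// Constructed sample data: what was reviewed vs. what the URL serves later.
const REVIEWED = 'console.log("theme widget v1");';
const SWAPPED = 'console.log("different code, same URL");';
const pin = pinScript('https://cdn.example.com/widget.js', REVIEWED);

console.log(scriptTag(pin));
console.log('reviewed copy accepted:', matchesPin(pin, REVIEWED));
console.log('swapped copy accepted:', matchesPin(pin, SWAPPED));
```

Pinning does not judge whether the reviewed script was safe to begin with (an obfuscated script still hashes consistently); it only guarantees that what runs is what was reviewed.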