Hello,

When I visit this post https://ani.social/post/2611163 my browser downloads a random file called “master.m3u8”

I’m running firefox 115.8.0esr with the darkly-red theme for lemmy.

With this option enabled “Auto expand media”.

The offending line appears to be the following: <iframe class="post-metadata-iframe" allowfullscreen="true" src="https://prod.vodvideo.cbsnews.com/cbsnews/vr/hls/2024/03/11/2317151299662/2750480_hls/master.m3u8" title="House Democrats try to force floor vote on foreign aid for Ukraine, Israel, Taiwan"></iframe>

From a security perspective, using a iframe to anything posted seems dubious?

  • hitagiMA
    link
    fedilink
    English
    arrow-up
    3
    ·
    8 months ago

    That’s strange. It happens to me on Chromium too. Other instances don’t seem to be affected by this. I’ll look into it over the weekend. Thanks for letting us know.