Hello,

When I visit this post https://ani.social/post/2611163 my browser downloads a random file called “master.m3u8”

I’m running firefox 115.8.0esr with the darkly-red theme for lemmy.

With this option enabled “Auto expand media”.

The offending line appears to be the following: <iframe class="post-metadata-iframe" allowfullscreen="true" src="https://prod.vodvideo.cbsnews.com/cbsnews/vr/hls/2024/03/11/2317151299662/2750480_hls/master.m3u8" title="House Democrats try to force floor vote on foreign aid for Ukraine, Israel, Taiwan"></iframe>

From a security perspective, using a iframe to anything posted seems dubious?

  • zabadoh
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    8 months ago

    Hi, I’m the OP for that post.

    I tried to change the link to a non-amp link to see if that would help, but Lemmy isn’t letting me save it.

    Let me try turning off auto-expand to see if it lets me update.

    edit: Nope, I can’t change to a non-amp link, even with auto-expand turned off