A textboard in MIT Scheme

Hey /prague/

I made a little something. It was first prototyped in Guile but I've rewritten it in MIT Scheme.

https://gitlab.com/naughtybits/schemebbs

You can see a live demo at https://textboard.org/prog (add ?css=2ch to the url if you need the pseudo-pseud0ch css)

i2p access for the paranoids: http://7ubwrcixdcemzqwqzh2vaakjsnochj2biuzpo6dc2n4f7wqj4pua.b32.i2p

>>9
malformed requests can lead to code execution
imagine thinking JS is the only browser security issue
MIME confusion
overflows
MITB
0-days
flash
resource exhaustion
webrtc for deanonymizing you
hsts preload for inferring browser history
tracking pixels
cross-site request forgery i.e. <img src="somewebsiteyouuse.com/resetpassword.php?&newpassword=attackerpassword">
polyglot files
301 redirects (you think you're going to example.com but it redirects you to example.com/malware.exe)
PDF files (they can javascript or even pdf reader exploits can lead to code execution)
maldocs
clickjacking
cryptojacking
traffic distribution systems
just fingerprinting you based on your user agent and maybe using that to deliver a payload specific to your OS and browser version which might have CVEs or 0-days for them, using EKs or some shit

yes, javascript is A browser security issue
but it is by no measn the ONLY browser security issue

people think there's a magic bullet for security
``I know!'' shouted the anus
``I'll just disable cookies and javascript! then I'll be fine!!!!''
but little did they know that they can still get pwned, even with those changes to their browser