I’d wager you’re likely fine if you’re using a mobile app when the affected image loads. Also, it appears they’re stealing auth tokens… not passwords or anything. At worst they could impersonate you until your token expires… but you’re not a high value target unless you’re an admin of an instance.
What kind of terrible markdown editor allows adding onload scripts to images though… it’s insane.
If it’s onload then simply viewing the image runs that script. Yikes.
Try searching for https://lemdro.id/c/askandroid from vlemmy. You might be the first subscriber on that instance.
Connect is ridiculously stable and feature-complete for how new it is. Definitely deserves to be mentioned.
To be fair, most apps other than Jerboa didn’t exist a few weeks ago 😅
Connect has been my favorite Lemmy app as of late. Jerboa is my old reliable one though 😅
Neat! Gonna have to give it a shot, looks polished.
Jerboa and Connect. The former has been a bit unstable recently so Connect has been my go-to most recently.
Oops indeed. Lemmy needs a security audit 😬