@cwebber Looking through what I can find, the Guile protocol is just sending forms, which is vulnerable to this attack because it ends up ignoring the GET and other extra bits.
SLIME's protocol is s-expression based, and thus the GET will cause the message to be malformed (and, according to my tests, will cause swank on the CL side to terminate the connection).
I'm not sure this is as serious a vulnerability as it was in Guile.
@carlozancanaro Hm, you may be right!
@carlozancanaro Not sure if this is also you, but happy to see that someone is showing that I am not urgently correct ;) https://github.com/slime/slime/issues/286#issuecomment-509993349
SLIME seems not to be in as bad of a position as Guile was. That's good! Unix domain socket support would still be nice, but it appears that from web browsers SLIME isn't as at risk as I thought it was.