A read-only CryptPad spreadsheet with a list of known apps being used by #Pegasus as infection vectors, along with sources:
DM me if you'd like write access to add things.
@Br0m3x @rysiek Ah, nevermind it works. The problem was that each time I enabled more js in uMatrix, the page was reloaded which somehow caused the unique page identifier in the URL to change. So after enough js was enabled to present the spreadsheet UI, I had to reload the original URL and it worked.
@resist1984 @Br0m3x it can't come from the same domain for security reasons. The only way to properly sandbox user-controlled content is by using a separate domain for it:
I'm sure @cryptpad will have more to say here if you want. I am not in any way providing technical support for CryptPad.
That's correct! CryptPad.fr handles cryptographic content (like keys), while sandbox.cryptpad.info is used for the platform's UI. The sandbox doesn't have access to that the main domain's content and has a stricter content security policy which blocks nasty things like inline scripts.
Unfortunately, some adblockers use heuristics which can't distinguish between our sandbox iframe and an ad.
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!