ティント (@tynt) — bluesky.baby

Warzone Joker Limner

Acrylic, pencil and marker on canvas

12.03.2026 08:40 👍 164 🔁 36 💬 0 📌 0

A drawing of a dragon, claws up, on thin brown paper with glowing amber eyes.

The backside of the object showing the 9v battery powering it, the bodged circuit, leads puncturing and suspending the paper, and plastic and metal enclosures focusing the amber light.

glowing eyes idea

06.03.2026 23:22 👍 94 🔁 10 💬 2 📌 0

haiku

27.12.2025 00:11 👍 190 🔁 32 💬 4 📌 1

05.03.2026 06:02 👍 163 🔁 33 💬 1 📌 0

04.03.2026 09:43 👍 416 🔁 75 💬 4 📌 1

after Kaoru Fujiwara

12.02.2026 18:58 👍 71 🔁 26 💬 0 📌 0

memory

23.02.2026 14:33 👍 1824 🔁 418 💬 6 📌 1

snorf snof

22.02.2026 11:30 👍 1 🔁 0 💬 0 📌 0

22.02.2026 11:13 👍 4 🔁 0 💬 1 📌 0

you're welcome 🤗

22.02.2026 11:10 👍 2 🔁 1 💬 1 📌 0

19.01.2026 05:05 👍 1133 🔁 297 💬 16 📌 1

The art, and the artist

14.09.2025 06:17 👍 460 🔁 62 💬 5 📌 2

art I made for @aurawolfie.bsky.social ✨🌊!!!

19.01.2026 22:04 👍 394 🔁 99 💬 7 📌 0

Portrait of my reflection in the window

15.12.2025 19:38 👍 901 🔁 243 💬 8 📌 1

good read 10/10 🏆

14.12.2025 21:35 👍 1 🔁 0 💬 0 📌 0

A chubby wooden kitty looking content, arms resting on his belly

I hope his peace is contagious

10.12.2025 15:07 👍 2647 🔁 916 💬 12 📌 5

a thief in the paint

12.12.2025 18:56 👍 561 🔁 90 💬 4 📌 0

if a gamma ray burst type event happened I would simply dodge. not worried about it

11.12.2025 09:08 👍 33 🔁 5 💬 6 📌 1

cawm

11.12.2025 01:31 👍 621 🔁 127 💬 1 📌 0

Storm Show YouTube video by Oneohtrix Point Never - Topic

youtu.be/hCbwx2hA5mM

10.12.2025 22:39 👍 1 🔁 0 💬 0 📌 0

BB is peak 🎩

10.12.2025 22:36 👍 1 🔁 0 💬 0 📌 0

10.12.2025 21:31 👍 1386 🔁 385 💬 7 📌 1

Do it now

10.12.2025 13:52 👍 3171 🔁 544 💬 17 📌 2

One clarification: While the vulnerability is present regardless of Server Actions, it technically leverages Server Functions, which is a shared component in RSC's architecture.

It was the fact that other RSC features relied on Server Functions that led to every RSC app having a vulnerable endpoint

08.12.2025 12:28 👍 2 🔁 0 💬 0 📌 0

Ultimately, what you will need to check varies on the framework and architecture of your app. Different frameworks have different patterns, some more idiomatic, some with more sharp edges, but all very new and unfamiliar to most engineers.

08.12.2025 12:20 👍 1 🔁 0 💬 1 📌 0

So just like in any backend scenario handling untrusted input, you would perform validation and other checks, inside of that server action function.

My personal opinion is that exactly what validation needs to be performed in your average React app with a Server Action, can be extremely unclear.

08.12.2025 12:14 👍 1 🔁 0 💬 1 📌 0

To answer your question about the security boundary of Server Actions: The action has to be in a file marked with the directive 'use server' which indicates it will execute on the server. The client calls the function with the arguments from a separate file. These arguments are untrusted input.

08.12.2025 12:11 👍 0 🔁 0 💬 1 📌 0

From a dev's perspective, those are React Server Actions. Generally, most apps built in React use a mix of client and server components, with the latter benefitting from features like streaming, which use the deserializer. This vulnerability would have been present regardless of Server Actions.

08.12.2025 12:08 👍 1 🔁 0 💬 1 📌 0

Technically, you do not need to traverse to a then-able promise. There are other vectors as well susceptible to the same lack of guard check.

The irony of it all is that the guard check was actually imported into the file but then never used in the code. Oops! 🫨

08.12.2025 11:42 👍 2 🔁 0 💬 1 📌 0

ティント

Latest posts by ティント @tynt