Thank @daisyKutter@lemmy.ml

it's look like that that code only verify the form when submitting.. I need to check the validity when the element has been loaded.

btw checkValidity() do not solve this issue as it return True when the length is longer than maxlength ! O_o I guess this is were is lying the "bug"

It will not be digest to send all what I use for you to see it (it will lead to TL;DR)

but here an elements (loaded with XHR that give the problem

<input id="something" name="something" type="text" placeholder="aPlaceholder"  minlength="3" maxlength="32" value="this value is more than the limiation of 32 char" autofocus required>

So normally this element should be invalid and a CSS selector of :invalid should match. but it's not the case because the browser seem to not run the validation check on loaded elements... !?

if we edit manually the input , for example removing one character then the validation process kick-in and the CSS selector work etc..

Hey @hatedbad@lemmy.sdf.org

Thanks for your output, but RSA seem to not be recommended anymore, dig on a search engine..

Yes I'm talking about it in my initial post.. but it's not changing the six steps

Has I found nothing, I've write a piece of code in Python 🐍 ! and compile it for Windows..

OMG that too bad ! Lemmy that is federated and LOSS use github to track the bugs :/ Too bad I don't have an account. So anyone, feel free to report this bug. Thanks.

see my comment in the original post ( https://programming.dev/post/6111023) for more info on the suspected bug.

ok I manage to send my post ! (it look like a lemmy bug... , do you know where to report it ? )

it seem that lemmy didn't support the following *removed externally hosted image*

and weirdly, I can post here...

not yet, I didn't find enough documentation about that topic.

If the computer of the Visitor is already compromised ! your simulation can stop there I think...

My scenario assume that the visitor computer is not compromised.

But let say his traffic get intercepted. Sure a hacker can send his PubKey (2) but in (3) the visitor (should) have already the PubKey of one (or few) verification server. So it should not be possible for an hacker to interfer with the communication (3) right ?

*removed externally hosted image*

and what about something like this.

1. The visitor connect on the website
2. he receive the public key
3. The key ( it's hash ) is compared with at least two "verification" server , if they all return a positive match, the visitor can use the pub key to initiate.

The "verification servers" grab the public key directly from the Web server.

Any suggestions, ideas ?

So maybe the solution relies trough a blockchain ?

or something that from scratch mind privacy, and decentralization ? Like TOR

and a True Linux ! not one that has been "infected" with parts that do not respect The Four Essential Freedoms of Free Software

So avoid Ubuntu for example..

have a look a this video https://www.fsf.org/blogs/rms/20140407-geneva-tedx-talk-free-software-free-society/

And for a Linux distrio have a look at https://www.devuan.org 💓

and about windows --> https://itvision.altervista.org/why-windows-10-sucks.html