A small tool to view real-world ActivityPub objects as JSON! Enter a URL
or username from Mastodon or a similar service below, and we'll send a
request with
the right
Accept
header
to the server to view the underlying object.
{
"@context": [
"https://www.w3.org/ns/activitystreams",
{
"ostatus": "http://ostatus.org#",
"atomUri": "ostatus:atomUri",
"inReplyToAtomUri": "ostatus:inReplyToAtomUri",
"conversation": "ostatus:conversation",
"sensitive": "as:sensitive",
"toot": "http://joinmastodon.org/ns#",
"votersCount": "toot:votersCount",
"blurhash": "toot:blurhash",
"focalPoint": {
"@container": "@list",
"@id": "toot:focalPoint"
},
"Hashtag": "as:Hashtag"
}
],
"id": "https://mastodon.social/users/ekis/statuses/111589746277377515",
"type": "Note",
"summary": null,
"inReplyTo": null,
"published": "2023-12-16T10:59:59Z",
"url": "https://mastodon.social/@ekis/111589746277377515",
"attributedTo": "https://mastodon.social/users/ekis",
"to": [
"https://www.w3.org/ns/activitystreams#Public"
],
"cc": [
"https://mastodon.social/users/ekis/followers"
],
"sensitive": false,
"atomUri": "https://mastodon.social/users/ekis/statuses/111589746277377515",
"inReplyToAtomUri": null,
"conversation": "tag:mastodon.social,2023-12-16:objectId=600402368:objectType=Conversation",
"content": "<p>Don't have time for a banner grab but still interested in basic info about a server?</p><p>Well taking advantage of a server's inability to process '%' b/c it expects two hex digits to follow; in many cases it errors</p><p>Preventing this from happening is actually easy</p><p>It requires an essential secure programming principle: verify, validate, and sanitize your input</p><p>This principle should be applied to EVERY input, and yes the URL is input</p><p><a href=\"https://mastodon.social/tags/infosec\" class=\"mention hashtag\" rel=\"tag\">#<span>infosec</span></a> <a href=\"https://mastodon.social/tags/security\" class=\"mention hashtag\" rel=\"tag\">#<span>security</span></a> <a href=\"https://mastodon.social/tags/it\" class=\"mention hashtag\" rel=\"tag\">#<span>it</span></a> <a href=\"https://mastodon.social/tags/sysadmin\" class=\"mention hashtag\" rel=\"tag\">#<span>sysadmin</span></a> <a href=\"https://mastodon.social/tags/tech\" class=\"mention hashtag\" rel=\"tag\">#<span>tech</span></a> <a href=\"https://mastodon.social/tags/development\" class=\"mention hashtag\" rel=\"tag\">#<span>development</span></a> <a href=\"https://mastodon.social/tags/programming\" class=\"mention hashtag\" rel=\"tag\">#<span>programming</span></a></p>",
"contentMap": {
"en": "<p>Don't have time for a banner grab but still interested in basic info about a server?</p><p>Well taking advantage of a server's inability to process '%' b/c it expects two hex digits to follow; in many cases it errors</p><p>Preventing this from happening is actually easy</p><p>It requires an essential secure programming principle: verify, validate, and sanitize your input</p><p>This principle should be applied to EVERY input, and yes the URL is input</p><p><a href=\"https://mastodon.social/tags/infosec\" class=\"mention hashtag\" rel=\"tag\">#<span>infosec</span></a> <a href=\"https://mastodon.social/tags/security\" class=\"mention hashtag\" rel=\"tag\">#<span>security</span></a> <a href=\"https://mastodon.social/tags/it\" class=\"mention hashtag\" rel=\"tag\">#<span>it</span></a> <a href=\"https://mastodon.social/tags/sysadmin\" class=\"mention hashtag\" rel=\"tag\">#<span>sysadmin</span></a> <a href=\"https://mastodon.social/tags/tech\" class=\"mention hashtag\" rel=\"tag\">#<span>tech</span></a> <a href=\"https://mastodon.social/tags/development\" class=\"mention hashtag\" rel=\"tag\">#<span>development</span></a> <a href=\"https://mastodon.social/tags/programming\" class=\"mention hashtag\" rel=\"tag\">#<span>programming</span></a></p>"
},
"attachment": [
{
"type": "Document",
"mediaType": "image/png",
"url": "https://files.mastodon.social/media_attachments/files/111/545/546/862/269/623/original/47c2ab6794524a6c.png",
"name": "Using /% you can generate an error on many servers, and when they have not bothered to hide information it can be revealing.",
"blurhash": "U7Ss8A$}~94?0Ms+-mIX-iIpE3-n~RE24=?Y",
"focalPoint": [
0,
0
],
"width": 1248,
"height": 257
}
],
"tag": [
{
"type": "Hashtag",
"href": "https://mastodon.social/tags/infosec",
"name": "#infosec"
},
{
"type": "Hashtag",
"href": "https://mastodon.social/tags/security",
"name": "#security"
},
{
"type": "Hashtag",
"href": "https://mastodon.social/tags/it",
"name": "#it"
},
{
"type": "Hashtag",
"href": "https://mastodon.social/tags/sysadmin",
"name": "#sysadmin"
},
{
"type": "Hashtag",
"href": "https://mastodon.social/tags/tech",
"name": "#tech"
},
{
"type": "Hashtag",
"href": "https://mastodon.social/tags/development",
"name": "#development"
},
{
"type": "Hashtag",
"href": "https://mastodon.social/tags/programming",
"name": "#programming"
}
],
"replies": {
"id": "https://mastodon.social/users/ekis/statuses/111589746277377515/replies",
"type": "Collection",
"first": {
"type": "CollectionPage",
"next": "https://mastodon.social/users/ekis/statuses/111589746277377515/replies?only_other_accounts=true&page=true",
"partOf": "https://mastodon.social/users/ekis/statuses/111589746277377515/replies",
"items": []
}
},
"likes": {
"id": "https://mastodon.social/users/ekis/statuses/111589746277377515/likes",
"type": "Collection",
"totalItems": 50
},
"shares": {
"id": "https://mastodon.social/users/ekis/statuses/111589746277377515/shares",
"type": "Collection",
"totalItems": 19
}
}