Scripts in Gemini

2025-06-29

---

Brad at Ultimatum Labs posted about a potential loophole in Gemini that would allow the execution of scripts.^ I didn't see the post initially, but JBanana linked to it yesterday.^^

The loophole is based on the fact that Gemini clients are allowed to render Gemtext any way they please. This leaves room for a client to read preformatted blocks, perhaps ones whose alt text denotes that they contain scripts, and execute the code contained therein instead of displaying it as text. Such functionality would essentially allow Gemini to re-implement JavaScript, including the ability to make further requests.

Imagine a Gemtext file that contains several such "script blocks" at the bottom of the page. A malicious (or at least privacy-unfriendly) Gemini client could implement the blocks transparently, opting not to display their content in the user window, and silently execute them in the background. A capsule could use redirects or other trickery to check whether the client supports script blocks and refuse to load the target content otherwise. Putting the blocks at the bottom would keep their presence hidden from an unsuspecting client until the page has already been loaded in its entirety.

The Gemini protocol specification states that the response to a Gemini request consists of a header, body data, and a TLS close_notify to inform the client that the connection is closed. Some clients already begin to process response data before the close_notify is sent; this is what enables streaming within the protocol. I've written before about how streaming could be abused to add tracking functionality to Gemini,^^^ but a malicious client could go further by reading and executing script blocks as they're received from the server. If script blocks are placed at the top, they would run before the user could even see them.

The good news is that no Gemini clients do this today, and thus it's not part of the expected culture. All of the major clients simply take Gemtext and display the text inside, applying some formatting and spacing but otherwise leaving the body unchanged. If a capsule were to implement script blocks, they would appear as preformatted code blocks in current clients and would not run. It would be pretty obvious what the capsule in question was trying to do.

In practice, the robustness of such a scheme is also questionable. It abuses preformatted blocks in Gemtext, a feature which has a legitimate use: telling Gemini clients to display text with no extra formatting at all. Brad's method of indicating that a block is a script was to add an alt text to the opening preformatting toggle line, but alt text is free-form and already carries other meaning (a description of ASCII art for screen readers, for instance), so a script tag could collide with legitimate uses or be set by mistake. Conversely, the same tag lets a hypothetical script-supporting client block all scripts by skipping, or simply displaying as text, any preformatted block that carries it.
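The two points above, that a block near the top is complete before the rest of the body arrives and that the alt-text tag is exactly what a client can key on to show, hide or skip a block, are easy to see in code. The following Python is an added example, not code from this post, from Brad's proposal, or from any real Gemini client. It assumes a script block is marked by the alt text "script" on the opening ``` line (a hypothetical convention taken from the description above), and the sample response it parses is constructed.

```python
"""Gemtext preformatted blocks: incremental parsing and the display policies
a client could apply to blocks tagged as "scripts".

Added example, not code from the post, Brad's proposal, or any Gemini client.
Assumptions: the alt text "script" marks a script block (hypothetical
convention); SAMPLE below is a constructed response.
"""
from dataclasses import dataclass, field


@dataclass
class PreBlock:
    alt: str                                   # alt text on the opening ``` line
    lines: list = field(default_factory=list)  # content, kept verbatim


class GemtextStream:
    """Line-oriented Gemtext parser fed with byte chunks as they arrive.

    Items are kept in document order: plain lines as str, preformatted
    blocks as PreBlock.  A block is appended as soon as its closing ```
    line is seen, so a block near the top is complete long before the
    server sends the rest of the body or close_notify.
    """

    def __init__(self):
        self._buf = b""
        self._open = None    # PreBlock being filled while in preformatted mode
        self.items = []

    def feed(self, chunk: bytes):
        self._buf += chunk
        while b"\n" in self._buf:
            raw, self._buf = self._buf.split(b"\n", 1)
            self._line(raw.rstrip(b"\r").decode("utf-8", "replace"))

    def close(self):
        """Flush a final line without a trailing newline; an unterminated
        block is still just text."""
        if self._buf:
            self._line(self._buf.decode("utf-8", "replace"))
            self._buf = b""
        if self._open is not None:
            self.items.append(self._open)
            self._open = None

    def _line(self, line: str):
        if line.startswith("```"):
            if self._open is None:
                self._open = PreBlock(alt=line[3:].strip())
            else:                      # closing toggle; its text is ignored
                self.items.append(self._open)
                self._open = None
        elif self._open is not None:
            self._open.lines.append(line)
        else:
            self.items.append(line)

    @property
    def blocks(self):
        return [i for i in self.items if isinstance(i, PreBlock)]


class GeminiResponse:
    """Splits a raw Gemini response into status, meta and a Gemtext body."""

    def __init__(self):
        self.status = None
        self.meta = None
        self._hdr = b""
        self.body = GemtextStream()

    def feed(self, chunk: bytes):
        if self.status is None:
            self._hdr += chunk
            if b"\r\n" not in self._hdr:
                return                 # header line not complete yet
            header, chunk = self._hdr.split(b"\r\n", 1)
            self.status = int(header[:2])
            self.meta = header[3:].decode("utf-8", "replace")
        self.body.feed(chunk)


def _is_tagged(block: PreBlock, tag: str) -> bool:
    # Only the first word of the alt text is compared: "script" and
    # "script v2" match, "scripts" and "ASCII art" do not.
    return block.alt.split()[:1] == [tag]


def tagged_blocks(items, tag="script"):
    """Blocks a script-aware client would treat as code; equally, the blocks
    a defensive client can flag or skip."""
    return [b for b in items if isinstance(b, PreBlock) and _is_tagged(b, tag)]


def render(items, hide_tag=None) -> str:
    """hide_tag=None is what current clients do: every preformatted block is
    shown verbatim and nothing is executed.  hide_tag="script" is what the
    hypothetical malicious client would display: the tagged blocks are
    silently omitted (this function never executes anything)."""
    out = []
    for item in items:
        if isinstance(item, PreBlock):
            if hide_tag is not None and _is_tagged(item, hide_tag):
                continue
            out.extend(item.lines)
        else:
            out.append(item)
    return "\n".join(out)


# Constructed sample: header, a "script" block at the top, visible text,
# then a legitimate preformatted block with descriptive alt text.
SAMPLE = (
    b"20 text/gemini\r\n"
    b"# Welcome\n"
    b"```script\n"
    b"request gemini://example.net/beacon\n"
    b"```\n"
    b"Some visible text.\n"
    b"```ASCII art of a cat\n"
    b" /\\_/\\\n"
    b"```\n"
)


def blocks_seen_after(raw: bytes, cut: int):
    """Feed raw[:cut], note how many blocks are already complete, then feed
    the remainder.  Returns (early_count, final_count, items)."""
    r = GeminiResponse()
    r.feed(raw[:cut])
    early = len(r.body.blocks)
    r.feed(raw[cut:])
    r.body.close()
    return early, len(r.body.blocks), r.body.items
```

Calling `blocks_seen_after(SAMPLE, SAMPLE.index(b"Some visible"))` reports one completed block before the second chunk is even fed, which is the streaming hazard: a client inclined to run it has everything it needs before the page is half loaded. `tagged_blocks` is the audit a cautious client (or a capsule operator checking their own pages) would run, and `render(items)` versus `render(items, hide_tag="script")` shows the only visible difference between a spec-following client and one that quietly swallows tagged blocks.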

Best of all, a single change in the Gemtext specification could alleviate the issue entirely. It could simply specify that a compliant Gemini client is allowed to display the response body however it wants, but it must not execute anything contained in the body.

^ 20250504

^^ "I'd never do this" sounds like a challenge

^^^ Thoughts on Privacy Exploits in Gemini

---


[Last updated: 2025-06-29]