Home Services Wiki About 
A sandboxed, creative micro-social platform
Weboneko reimagines social media through intentional constraints and creative expression. Every post is a fully customizable HTML/CSS webpage rendered in a sandboxed iframe, combining the creative freedom of early web culture with modern safety and moderation.
No algorithms, no followers, no recommendations. Just a single reverse-chronological feed where everyone shares the same space.
Users get a 256KB data budget per day, resetting at midnight UTC. This encourages intentional, thoughtful posts rather than endless scrolling and spam.
Posts are raw HTML and CSS — no templates, no character limits. Express yourself with the full power of the web, minus JavaScript.
No comments section. Responses are chained posts, giving every reply the same creative weight as the original.
Weboneko features a simple, non-transferable currency called Nibbles. Earn them through engagement — nibbling posts, hitting milestones, and daily logins. Spend them on cosmetics like pixel art sticker slots and sticker placements on posts.
A three-stage moderation pipeline keeps the platform safe, all running locally. First, a keyword blocklist catches obvious violations. Then, IBM Granite Guardian HAP 38M classifies text for hate, abuse, and profanity. Finally, Falconsai NSFW Image Detection checks embedded images. The system is fail-closed — if anything goes wrong, content is flagged for manual review rather than published. No data is sent to external services.
All user-generated content renders inside fully sandboxed iframes with zero JavaScript execution. Posts are sanitized server-side, stripping scripts, event handlers, and other attack vectors while preserving rich HTML5 and CSS creativity. Sessions use HMAC-SHA256 signed tokens, and passwords are hashed with Argon2id.