Re: Re: New bracket-link stuff

by theorbtwo (Prior)
in reply to Re: New bracket-link stuff
in thread New bracket-link stuff

The :// is needed because it separates the pseudo-uri-schema from the rest-of-the-uri. (Real URIs use : for schemas that do not take a hostname next, but this isn't a real uri, and doesn't use quite the same syntax.)

And as to the second point, we do bracket-link expansion before HTML verification, IIRC, and thus it doesn't make that sort of "attack" much easier. As always, look before you leap click. (And don't use a browser that lets people lie about where links point, like some unpatched IEs.)


The HTML filtering code could, at some point, be enhanced to check for this sort of attack, but I'm not sure I understand that code sufficiently to do that -- that would be more of a tyeish project.

