Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re: Filtering potentially dangerous URI schemas in <a href="...">

by Aristotle (Chancellor)
on Oct 20, 2002 at 17:05 UTC ( [id://206676]=note: print w/replies, xml ) Need Help??


in reply to Filtering potentially dangerous URI schemas in <a href="...">

I wouldn't want them filtered entirely. There are a few legitimate (or at least non-malicious) uses for it.

Here's an idea that caters to everyone: add onClick="confirm('This link may be dangerous. Follow anyway?')" to such links. It is unintrusive to those who surf with Javascript disabled too.

Although, thinking about it, there may be sensitive browser-specific schemes that work when Javascript is disabled, in which case that would be no good. If that's deemed important to catch, links with non-standard schemes could lead to altered presentation, maybe unsafe link: like this.

Makeshifts last the longest.

Replies are listed 'Best First'.
Re: Re: Filtering potentially dangerous URI schemas in <a href="...">
by moxliukas (Curate) on Oct 20, 2002 at 23:11 UTC
    Link coloring may be an option, but you have to keep in mind that people are using different CSS themes, so this probably should be implemented as a CSS class rather than blunt <font color="#ff0000">.
      Actually, that was on purpose. That way, neither themes nor CSS will lead to the colour accidentally being overridden. I was aiming for a representation that would be completely and entirely unmistakable under any circumstances.

      Makeshifts last the longest.

        That way, neither themes nor CSS will lead to the colour accidentally being overridden.

        this is not true. this example style should disprove your case:

        /* color links */ a, a font { color: #457; background: #eee; text-decoration: none; } a:hover { color: #eee; background: #457; } /* override <font>...</font> tags */ font, b, strong { color: #457; background: transparent; }
        there are multiple ways to override the font tags in your example. my browser does not display your text in red, as you specified, as all font tags are overridden by a user-supplied style.

        as to

        a representation that would be completely and entirely unmistakable under any circumstances
        ... you'll have to aim a little higher ;-)

        ~Particle *accelerates*

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://206676]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having a coffee break in the Monastery: (5)
As of 2024-03-29 06:00 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found