http://qs1969.pair.com?node_id=917661

Ok, Monks, so while I've been in a kind of experimental phase with HTML, linking and CSS lately, I was doing some fun links on my home node, just for fun, and for practice. I looked up What shortcuts can I use for linking to other information?, and saw this example:

[msg://recipient<message text|link title text]
So, I thought, wouldn't it be funny if I did this:
[msg://chatterbox<embarrassing text here|click here]
and upon clicking it, some sort of embarrassing, yet playful/harmless text popped up in the cb. I'm sure I'm not the first to think of this and I think I even fell for it on someone else's home node long ago. I also thought this would be funny:
[msg://koolgirl<I love you koolgirl!!|say hello]
but neither one of these seem to work. The "say hello" link would link to a pre-filled out private message screen, but when pressing the deliver button, you'd get the following error: "You can't send that because you didn't edit the text field." So, for that example, I just made a link like this:
[msg://koolgirl|say hello]
with an empty text field, which worked, but I don't understand why the other ones didn't, because this says they should work.

As far as the other link goes, the cb link, it would just send you to a message screen, with chatterbox in the recipient box, and the "embarrassing text" in the text field, which is not what I wanted anyway, but, even if you did go ahead and hit the deliver button, you'd get the same error as before, about not being able to send because you didn't edit the text field.

So, not that these links are the least bit important, but why wouldn't they work? I took the examples straight from the site's guide to linking, as stated and linked to twice above in this post. Like I said, the links are silly and meaningless, but my furthering education on linking is the point, as well as the fact that site stated examples seem to be lacking. Am I doing something wrong? Any suggestions would be greatly appreciated.

Replies are listed 'Best First'.
Re: Problem Linking Within Perl Monks
by tinita (Parson) on Jul 31, 2011 at 00:43 UTC
    I'm sure I'm not the first to think of this and I think I even fell for it on someone else's home node long ago.
    And this was fixed a while ago, because if you can send a message (to a user or the chatterbox) just by a simple GET request this is open to CSRF. Actually before this was fixed you were able to put an image tag in your home node and its source was a link to sending a message, so it would have been automatically called when you visited the homenode.
    So it's good that this doesn't work anymore (although it's still not fully CSRF protected).

    Why the prefilled form requires to edit the fields I don't know; it might also be a kind of protection but makes the msg link kind of useless.
    Update: The prefilled form requires to edit the text field only (not the recipient, like I first thought when looking at the HTML source), and this is probably meant as a protection, so that people really look at the prefilled text before sending it.

      Ah, ok yeah I was just goofin' around having some expiremental linkage fun, but I guess that could be a sticky subject...ok, well can someone out there please pick up a piece of chalk and mark another $#&! up by embarrass herself seventeen times a day on PM. Thanks.

      P.S. Why is it that I'm always either way over thinking something, or way under thinking something....

        Why is it that I'm always either way over thinking something, or way under thinking something....

        Occupational hazard for programmers.

        HTH,

        planetscape
Re: Problem Linking Within Perl Monks
by jdporter (Paladin) on Aug 01, 2011 at 03:25 UTC

    It works as designed. We don't want people to make links as you suggested. Clearly the potential for abuse is too great.