Warn the user on links that dont match their text #1573
Conversation
Dark mode broken
|
src/lib/strings/url-helpers.ts
Outdated
| const urip = new URL(uri) | ||
| label = label.replace(/^http(s?):\/\//i, '') | ||
| return !label.startsWith(urip.hostname) |
There was a problem hiding this comment.
URL#host and URL#hostname are normalized, so new URL('https://Example.com') with Example.com wouldn't match, should label be lowercased here?
A random post I've found that can showcase this: https://bsky.app/profile/did:plc:msrbmpy5pqxwsgdgl3hyeapw/post/3kaixgqung42o
There was a problem hiding this comment.
Updated the code, it normalizes now and ignores case
|
because of the startsWith use, shouldn't it need to check what comes after the host? if there's more after the host, but the next character isn't can imagine a scenario where someone would link to edit: got a bit confused writing this so let's make it clear // label.startsWith(actualDomain)
'website.com'.startsWith('website.co')
'site.pages.dev'.startsWith('site.page') |
|
Something you might want to consider is an additional emphasis on the apex domain, in the interstitial. Web users often do not understand the counterintuitive order of trust anchoring in domains. For example: https://paypal.com.billing-department-enquiries.example.com/blah-blah-blah |
|
Good suggestion @DavidBuchanan314 Listed TLD:
Non-listed TLD:
|
|
@intrnl dumb thing for me to be lazy about. Fixed now. |
|
@ansh Can't believe I missed dark mode, thanks for hitting that Should be good to go |
Adds an interstitial for links in posts that dont match their text. If the text is not a URL, it just gives the user a normal "Leaving this site". If the text is a URL that doesnt match the target, it gives a "Possibly misleading" warning. If the link is the URL, it opens as usual.