Markdown hyperlink URIs do not accept non-HTTP(S) schemas. #27857
-
Markdown hyperlinks do not accept URIs whose schemas are not |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 6 replies
-
yup that's right, if, say, you want to upload an image, in the latest update, you simply copy and paste it at the GitHub Markdown, unlike in the past you need to upload it first to get the valid URL |
Beta Was this translation helpful? Give feedback.
-
Allowing random URLs would be potentially dangerous. A Of course if the browser or whatever else is handling a well-known scheme has an exploitable bug those URLs might also be abused, but at least the attack surface is much better known. 😅 |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
Allowing random URLs would be potentially dangerous. A
file:
URL is simply useless outside of a computer with a similar enough filesystem layout (but that also means there isn't much point in rendering it on a website). But depending on the browser, OS, and their configuration random schemes might be connected to random software that then gets run with parameters from the URL. This has been used for attacks in the past, and probably still is where there is an opportunity.Of course if the browser or whatever else is handling a well-known scheme has an exploitable bug those URLs might also be abused, but at least the attack surface is much better known. 😅