You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At first, I thought a open redirect warning would be enough but since we use a lot of links to external sites on SN, I think this would be detrimental to UX.
So I think the better solution is to check if the thing inside [] is already a link and then prevent using the markdown link syntax ([]())
edit: Or only use open redirects for this case if possible. For example, by replacing the URL to a page like https://stacker.news/redirect?url=<external_url>
Hey i'm about to for the repo and start working on this @huumn or another dev, could you point me in the right direction of the flow and the files I'll need to touch? I can stumble through it, but with a bit of guidance I could probably get it wrapped up pretty quickly. Just getting my sea legs in your software :D
For this ticket, I would guess that the following files are important:
components/text.js since that's where our Markdown input is defined (it uses react-markdown)
lib/md.js implements some markdown helper stuff
api/resolvers/item.js for backend stuff. The Graphql mutations for posting and commenting are implemented here
Hope this helps, if not, let us know :)
I also see the solution was left open in this ticket. Personally, I think a "you're leaving SN" warning would be the way to go for masked external links. So not for every external link (to not make it annoying), but just for ones which use a different URL and thus it makes sense to warn users.
Currently, users can create open redirects to potentially malicious links.
For example I can write https://stacker.news/items/194732 which actually redirects to https://stacker.news/items/194731
(interestingly, this also works in Github).
At first, I thought a open redirect warning would be enough but since we use a lot of links to external sites on SN, I think this would be detrimental to UX.
So I think the better solution is to check if the thing inside
[]
is already a link and then prevent using the markdown link syntax ([]()
)edit: Or only use open redirects for this case if possible. For example, by replacing the URL to a page like
https://stacker.news/redirect?url=<external_url>
Reference: https://stacker.news/items/194732
The text was updated successfully, but these errors were encountered: