[ home ] [ math / cs / ai / phy / as / chem / bio / geo ] [ civ / aero / mech / ee / hdl / os / dev / web / app / sys / net / sec ] [ med / fin / psy / soc / his / lit / lin / phi / arch ] [ off / vg / jp / 2hu / tc / ts / adv / hr / meta / tex ] [ chat ] [ wiki ]

Viewing source code

The following is the source code for post >>>/meta/538

>>536
>this is the only image board I can name that messes with URLs.
This is also one of the few imageboards with significant innovation, which comes with some responsibility. If we are going to provide users with a rich markup that can embed URLs, LaTeX figures etc. then we have to think about how we are going to do that securely. We could've allowed embedding URLs like \url{javascript:while(1);} that would've crashed your browser but we don't want browsing Mathchan to feel like a minefield. \`\url{...}\` and \`\href{...}{...}\` are there to allow posters link to other websites but users should not be afraid of clicking them, voluntarily or involuntarily. 

>Is this actually because chans have an unusual frequency of naughty links?
Yes, and anonymous image boards in particular have a troubled history with this stuff. There is a CSAM linking spambot that plagues all imageboards including Mathchan and we already have two of its IP addresses permabanned, though this one will be thwarted by Mathchan's captcha.

>But is a nebulous (AFAIK) search engine optimization principle worth the inconvenience?
This is not just for search engines but for your security as well. If you're browsing Mathchan at work or school, you may have to install their root certificate in which case your organization will act as the man in the middle between you and Mathchan. If they scan the page you're looking at and find  \`<a>\` tags linking to a blacklisted/criminal websites, you will be in trouble. Even if your connection is secure, it's better if you can review the link before following especially if it's given using \`\href{...}{...}\` (e.g. \href{https://wikipedia.org/}{Click me}). Malicious users may also try to conceal a link using  \`\color{...}\` or \`\colorbox{...}{...}\` in order to trick you into clicking it. They may also use \`\href{...}{...}\` to make it look like \`\url{...}\` and trick you into visiting a website you didn't expect (e.g. \href{https://wikipedia.org/}{https://google.com/}). There are simply inummerable reasons why reviewing the URL you're going to follow from Mathchan is a good idea. All these shenanigans are considered a violation of \textbf{\href{/rules#1d}{Rule 1d}} but before a moderator can remove the post with malicious links you'll have at least one layer of protection.

>Links in Mathchan are broken in the Wayback Machine, and they're also broken when casually downloading one thread with \`Ctrl+S\`
Our security overweights Wayback Machine working and you'll also be able to whitelist all websites through user settings in which case \`Ctrl+S\` will work properly.

>You expect users to be able to do recursive mirroring or base64 decode URLs. But you don't expect them to think before choosing to click link so you greet them with an obnoxious "Are sure you want to exit?" page.
You don't have to decode base64 encoded URLs because Mathchan does that for you. If you decide to recursively archive Mathchan using \`wget -m\` it should also download the exit points so you can browse the local archive just fine.