You are reading a single comment by @Tijs and its replies. Click here to read the full conversation.
  • Hyperlinking to a YouTube video while removing 'https://' (in order to prevent the embedding of the video) results in some funny business:

    Clicking here...

    leads to:

    https://www.lfgss.com/conversations/127109/

    Code:

    [Clicking here](youtu.be/watch?v=7oS7qfQ5Z9k&t=18s)
    

    Hovering over the 'Clicking here...' link above shows this link:

  • that is weird

    traced it back to Django and Python... it doesn't seem to understand not to read beyond the 131364, and somehow Python manages to extract 127109 from the resulting stringification mess, and then that just happens to actually exist as a thread, and so the redirection works.

    beats me... undocumented behaviour is still not a security risk as all permissions and existence checking is applied, so I'll happily ignore it.

    relative links though... those aren't going to work

About

Avatar for Tijs @Tijs started