Bots should be able to link to non-http URIs



  • Donovan_DMC

    The thing about this, people can embed malicious urls much easier with this (especially data urls)

    ex data:text/html,<script>alert("This Is Dangerous")</script>

  • ahnolds

    Sure, but links are inherently always somewhat risky. Discord already has the pop-up showing where the link is taking you, so a user would get to see where they were going. It's not really any worse than getting linked to a malicious website in general IMO.

    And it would be relatively easy to either blacklist/filter out obviously bad link types (data:text/html in general, anything including <script>, etc) or to whitelist safe data types like the text/calendar example given above.


Please sign in to leave a comment.