Here's some proposals to make them safer from human stupidity. Of course, we ALL know two things are infinite: the universe, and human stupidity, and the latter cannot be prevented entirely, BUT can be mitigated. And here's how I propose it:
First things first, Force the “Do you trust this domain?” popup when someone clicks an Hyperlink Markdown. Unlike normal popups, this one has the following safety mechanisms:
- There's no “Do not ask this again” nor “Always trust this domain”, nor any way to bypass this popup. It should be exempt of what happens to normal links. This should be done by “comparing the text and the link”.
- You cannot immediately visit the page. It will have a five seconds countdown before the button unlocks.
In the security settings there should be the following setting:
- Revert Hyperlink Markdown Security Level
(Reverts to standard "Do you trust this domain?" prompt and its low safety)
Servers should be allowed to (and by default) set one of the following rules for Hyperlink Markdown and be allowed to set them by role and even by channel:
- Enforce Link Preview (always shows previews under the message that involves Hyperlink Markdown)
- Withhold Link For Moderation (the link will not be clickable until a moderator or owner approves)
- Suppress All Hyperlink Markdown (the hyperlink will be invalidated, and the message will go as if the markdown didn't exist, like “[this](forexample)”
Another aspect I think is important: only accounts with 2FA should be allowed to use Hyperlink Markdown, and anyone else attempting to do so should be notified by Clyde that the message didn't go because they were not verified via Two-Factor.