h a l f b a k e r yYeah, I wish it made more sense too.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
One scam which is starting to appear in emails and other places is the jinxed link like <a href="http:// www.ebay.com/ whatever /anyone/wants/to/ put/ here/ ABC123456789?q=45984124@ehay.com/ login">https:// www.ebay.com</a>. A user clicking on the link would expect to go to ebay.com, but would instead
be sent to ehay.com.
Since I'm not aware of any legitimate reason for a URL to contain an "@" sign [with URL-ish looking text to the left of it], it would a browser could pop up a warning to indicate that a link contains an "@" sign [and suspicious text to the left] and thus is likely not as it appears. [Comments in brackets added]
Please log in.
If you're not logged in,
you can see what this page
looks like, but you will
not be able to add anything.
Annotation:
|
|
The @ sign is used to separate username/password from URL in links that require a password like:
ftp://user:pass@my.ftpsite.com
|
|
|
DeathNinja: Thanks for that information. It would seem that the warning could still be applied if the stuff to the left of the @ sign starts with what appears to be a hostname and path. |
|
|
The @ sign is used (generally lots of times) in the URLs of Lotus Domino servers. Plus when the anchor points to an email address "<a href="mailto://...". |
|
|
Sites that don't use password authetication ignore everything in front of the @ symbol. |
|
|
Placing a URL in a spam message like: http://www.happycuddleclub.com/
index.html@pornosite.com/custardsluts/index.html would give the people the idea that the Happy Cuddle Club was where they were going. |
|
|
Giving an option (defeatable) to tell the person there's an @ symbol (other than a mailto: link) in the link is a definate +. |
|
|
That being said, all bets are off if you are clicking on links in spam. Just don't do it, OK? |
|
|
Baked.
Opera already does this.
Trying to go to
http://news.bbc.co.uk@fuckwittage.org/
pops up an OK/Cancel box
saying: |
|
|
You are about to go to an
address containing a
username. |
|
|
Username: news.bbc.co.uk
Server: fuckwittage.org |
|
|
Are you sure you want to go
to this address? |
|
|
// it would a browser could pop up a warning to indicate that a link contains an "@" sign and thus is likely not as it appears. [supercat, 8/20/03]// |
|
|
Might have been read as "...it would [be nice if...], or [satisfy my expectations if...], or [be the least I'd accept for the big bucks I shell out each month for this ISP if...] a browser could pop up..." |
|
|
Heh...Good idea, supercat. I'm convinced you posted correctly but those jerks @ ehay.com sabotaged your message. |
|
|
I agree on the popups. My boss has a collection on his office door of an astonishing variety of annoying popups produced by various applications. Perhaps a "balloon help" could appear near the URL bar explaining it. The nice thing about those is they catch your attention, but go away on their own. |
|
|
As has been noted, there are legitimate reasons to have a URL of the form http://user:pass@wherever.com. On the other hand, it would seem unlikely that usernames and/or passwords would take the form of valid-looking URL's. A username of domain.com would be plausible, but domain.com/otherstuff would seem rather dodgy. |
|
|
Besides, even if there were an erroneous pop-up, if it were possible to tell the computer "this particular hostname legitimately expects user/pass; don't bother me about it again" I don't think the occasional popups thus generated would be a problem. |
|
|
sorry, [Ravenswood], my browser (IE 6.0) just scrolls the text off, unreadable or scrollable to the right. This didn't used to happen. Maybe someone changed the CSS code to not mess up the format, but needs a certain browser to work... |
|
|
This feature (HTTP logins) was removed from Internet Explorer for this reason. |
|
|
Strange that Firefox exhibits this flaw while IE doesn't. |
|
|
// This feature (HTTP logins) was removed from Internet Explorer for this reason. |
|
|
That's news to me. (For one, it would significantly disrupt operations of many sites that use it to log in their users.) Which specific version are you talking about? Can you point to more documentation about the feature you're referring to? |
|
|
I haven't used IE for years, but i have seen a warning to this effect from Opera and assumed it was a standard feature. I presume that it was implemented after this idea was posted. |
|
| |