| ▲ | mk89 2 days ago | |
What about links to malware or other illegal content that will be downloaded without me clicking on it...? Is it only in the app, or also with the browser? Crazy. | ||
| ▲ | hunter2_ 2 days ago | parent | next [-] | |
> also with the browser Browsers have been doing this forever: you make a request to a server (A) that you choose to interact with, and it could respond with various things (a redirect, a page with a meta refresh, a page with a frame / iframe, etc.) that result in your browser automatically making a request (and rendering the resulting page response) to some other server (B) that could get you in trouble. However, in this classic scenario, when A starts sending you to B, you stop trusting A. This is simple when A's behavior is entirely determined by A's owner. What if it's determined by other users (not just A's owner)? Typically, A would be careful to not serve a redirect (etc.) based on user input, as that would be considered an "open redirect" vulnerability (with an exception for link shorteners, I guess). Interesting how the webview preloading that we're discussing now commits essentially this same offense. | ||
| ▲ | phoronixrly 2 days ago | parent | prev [-] | |
You don't get it. It's worth it for the sake of UX. /s | ||