| ▲ | sublinear 11 hours ago |
| I like these kinds of projects, but adding a file export/import is inevitable. It's less about the limits of a URL and more about practicality. I also have no way to confirm that URLs aren't logged server side, so I'd never trust the claim about "no tracking". That's why these projects also end up self-hosted. |
|
| ▲ | denisinvader 11 hours ago | parent [-] |
| hash part of url only available in the browser, as far as I know, server doesn’t have access to # value |
| |
| ▲ | jamesdwilson 10 hours ago | parent | next [-] | | very easy for the server to intentionally (or by compromise) add a one liner to send the hash text up. | |
| ▲ | sublinear 11 hours ago | parent | prev [-] | | Typos and URL mangles are common though, and I'd still have no way to confirm if it got logged in that case. It's out of scope for anything in the github source, and instead depends on the server hosting the page. I know this isn't meant to be super secure, but it's still worth a mention. | | |
| ▲ | throwaway150 10 hours ago | parent [-] | | Typos aren't making the hash part turn into something else. Like your parent comment explained to you, the hash part is not sent to the server. If you go out of your way to mangle the URL then of course a mangled URL without hash will likely get logged to the server. But I'm not sure how one would manage to go so much out of the way that they mangle the URL in a way that removes the hash. | | |
| ▲ | sublinear 9 hours ago | parent [-] | | You don't have a choice pasting links into some apps. They may strip out query and hash components, percent encode, force URL shortener services, etc. Percent encoding is particularly bad since it may also bloat the length causing truncation and the decompress to fail. There's endless footguns with URLs. |
|
|
|
