| ▲ | optymizer 5 hours ago | |
That's why we have text editors, markdown viewers, image viewers, etc. You were never able to "click a link" in Notepad in the past. Mixing responsibilities brings with it lots of baggage, security vulnerabilities being one of them. | ||
| ▲ | Rohansi 3 hours ago | parent [-] | |
I think there are more text editors around that render clickable links than there are that don't. Even your terminal probably renders clickable links. Despite the scary words and score this wouldn't even be a vulnerability if people weren't so hard wired to click every link they see. It's not some URL parsing gone wrong triggering an RCE. Most likely they allowed something like file:// links which of course opens that file. Totally valid link, but the feature must be neutered to only http(s):// because people. | ||