| ▲ | zie 2 hours ago |
| I love that under disclosures "Plugin might make requests to 1 external domain", if you click on it, it shows the domain: "github.com". great work! Example from https://community.obsidian.md/plugins/zotlit |
|
| ▲ | subscribed an hour ago | parent | next [-] |
| Which is brilliant...... Especially if we remember how easy is to host a (malicious) script on github :) But yes, great work indeed. It finally makes me want to move over to Obsidian. |
| |
| ▲ | zie an hour ago | parent [-] | | Yes, for sure. More context is a bonus. like clicking a link takes you to the code that calls out to github.com. Or for some sites like github, instead of just showing the domain, it shows the repo in question or it's a gist or something it says whoa nelly! and marks it questionable, etc. But already they have a great start here. |
|
|
| ▲ | trvz 2 hours ago | parent | prev [-] |
| I'd say that may be as harmful as it is helpful. Amateur users may have heard of Github and would therefore trust that domain, but you can upload malware to Github just as easily as anything else. |
| |
| ▲ | zie an hour ago | parent [-] | | Yes, a bonus would be more context, but already this can show stuff you know you don't want. If you see doubleclick.net for instance you know it will be ad-ridden disasters, or whatever. With just the domain, you can search the code repo and see exactly where it's calling github.com to see what exactly it's trying to reach on github. So it gives you an easy place to track down what's going on. An extra bonus would be clicking on github.com and it would link to the line in the file that makes the github.com call. Clearly they aren't done covering all the bases, but I think this is a great start! Way more than I expected to be honest. |
|
