On 5/29/20 3:10 PM, colecmac at protonmail.com wrote:
>> I think we need to rule out the equivalent of
> All existing clients rule this out, I don't see the issue. As long as
> clients continue not to execute arbitrary Javascript, it should be fine.
>
> makeworld

More-so, I think we just keep beating people over the head that text/gemini is a text document format and links *MUST* not be prefetched or loaded without user interaction. They should also be inspectable in some way so the user knows where they lead. These are security things, not a matter of convenience and pretty display. An image link pointing to a tracking pixel shouldn't auto-load. A data link trying to run an arbitrary script should be seen for what it is.

I'd suggest that be made extremely clear in the spec itself. *Can* someone build a client on gemini that doesn't follow that rule? Sure! There will be crawlers running through its space doing exactly that, but a client for users should respect their users.
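The rule discussed in this message (no prefetch, every link target inspectable), as an added example that is not part of the original post or of any Gemini client: a text/gemini link extractor that resolves each `=>` line against the page URL and renders the full target and scheme without performing any network I/O. The function names, record fields, and the sample page are assumptions constructed for illustration.

```python
import urllib.parse as up

# urljoin only resolves relative references for schemes it knows about.
for _known in (up.uses_relative, up.uses_netloc):
    if "gemini" not in _known:
        _known.append("gemini")

FENCE = "`" * 3  # text/gemini preformatted toggle marker

def extract_links(gemtext, base_url):
    """Return one record per link line; nothing is fetched."""
    base_host = up.urlsplit(base_url).hostname
    links, preformatted = [], False
    for line in gemtext.splitlines():
        if line.startswith(FENCE):
            preformatted = not preformatted  # "=>" inside is literal text
            continue
        if preformatted or not line.startswith("=>"):
            continue
        parts = line[2:].strip().split(maxsplit=1)
        if not parts:
            continue
        target = up.urljoin(base_url, parts[0])
        url = up.urlsplit(target)
        links.append({
            "label": parts[1] if len(parts) > 1 else parts[0],
            "target": target,
            "scheme": url.scheme,
            "same_host": url.scheme == "gemini" and url.hostname == base_host,
        })
    return links

def render(links):
    """Show the label and the real destination so the user can inspect it."""
    out = []
    for n, link in enumerate(links, 1):
        note = "" if link["same_host"] else f"  [off-capsule, {link['scheme']}]"
        out.append(f"[{n}] {link['label']} -> {link['target']}{note}")
    return out

# Constructed sample page (not from the thread).
SAMPLE = "\n".join([
    "# Sample capsule",
    "=> /docs/ Local docs",
    "=> gemini://other.example/pixel.png A picture",
    "=> https://tracker.example/p.gif",
    "=> data:text/plain,hello Looks harmless",
    FENCE,
    "=> gemini://example.org/not-a-link",
    FENCE,
])

if __name__ == "__main__":
    print("\n".join(render(extract_links(SAMPLE, "gemini://example.org/index.gmi"))))
```

Loading any of these targets would be a separate step taken only after the user selects a numbered link.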