💾 Archived View for rawtext.club › ~sloum › geminilist › 001170.gmi captured on 2020-09-24 at 02:04:22. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
James Tomasino tomasino at lavabit.com
Fri May 29 16:17:49 BST 2020
- - - - - - - - - - - - - - - - - - -
On 5/29/20 3:10 PM, colecmac at protonmail.com wrote:
I think we need to rule out the equivalent of
All existing clients rule this out, I don't see the issue. As long as
clients continue not to execute arbitrary Javascript, it should be fine.
makeworld
More-so, I think we just keep beating people over the head thattext/gemini is a text document format and links *MUST* not be prefetchedor loaded without user interaction. They should also be inspectable insome way so the user knows where they lead.
These are security things, not a matter of convenience and prettydisplay. An image link pointing to a tracking pixel shouldn't auto-load.A data link trying to run an arbitrary script should be seen for what it is.
I'd suggest that be made extremely clear in the spec itself. *Can*someone build a client on gemini that doesn't follow that rule? Sure!There will be crawlers running through its space doing exactly that, buta client for users should respect their users.