💾 Archived View for rawtext.club › ~sloum › geminilist › 005339.gmi captured on 2023-09-08 at 17:24:14. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
Nathan Galt mailinglists at ngalt.com
Thu Feb 18 03:24:34 GMT 2021
- - - - - - - - - - - - - - - - - - -
On Feb 17, 2021, at 6:19 AM, Louis Brauer <louis at brauer.family> wrote:
Am Mi, 17. Feb 2021, um 14:58, schrieb Petite Abeille:
C: gemini://example.org
S: 30 gemini://example.org/trackerid
C: gemini://example.org/trackerid
S: 20 text/tracked
The above was to illustrate the use of redirects to uniquely tag URLs,
without any use consent.
Nothing to do with data: URI.
Even though a data URI could contains resources which could trigger
network activities.
Hm, I'm not a security or browser developer but do you have an example of a "data URI" that would trigger network activities in Gemini? I thought that Gemini spec was designed in a way to prevent that from happening.
SVG images would work nicely in data: URIs.
They can have JavaScript in them.
If I were making a graphical Gemini browser, I’d just decode the base64 text and then hand the entire blob off to some SVG library, which, for all I know, might run the JavaScript.
Or it might not. I don’t remember seeing any SVG-decoding libraries that depended on Node.