Comment by Blikkentrekker

Comment by Blikkentrekker 5 days ago

3 replies

View on Hacker News

It runs inside a web browser though. This is no different from visiting an arbitrary link and running whatever arbitrary code in the Javascript sandbox of that link and one already knows a q.r. code an take one to an arbitrary link.

Blikkentrekker 5 days ago

That said, I wouldn't mind an upgrade to the standard of say say if the link be printed above the code in human readable form in some way, the reader would refuse to open it, or at least be configurable to refuse to open it if they not match.

Reply View 0 replies
dylan604 5 days ago

This QR code does. But what about a QR using similar designed by someone less honorable? With QR codes, you have no idea what will happen until you scan it. At that point, it could be too late

Reply View 1 reply
  • Blikkentrekker 5 days ago

    As far as I know the only form of code execution they support is by the URL datatype which carries the same risks as wel already mentioned anyway.

    Reply View 0 replies