Comment by develatio

Comment by develatio 9 hours ago

3 replies

View on Hacker News

and "that's it"? I mean, it does sound like it might introduce unexpected UI behaviour, but are there any other more serious / dangerous consequences?

JimDabell 9 hours ago

Making any page that mentions you – including admin pages that might be used to disable your account – become unreadable is bad enough.

Another comment linked to this:

https://trojansource.codes

Reply View 0 replies
yencabulator 8 hours ago

One of my pet peeves is when UIs don't clearly constrain and delineate the extent of user-controlled text. Plenty of phishing attacks have relied on having attacker-controlled input seem authoritative, e.g. getting gmail to repeat back something to the victim.

Reply View 0 replies
LikesPwsh 4 hours ago

RTL lets you obfuscate file extensions.

E.g. Annexe.txt (that you might assume would be safely opened by a text editor) could actually be Ann\u202Etxt.exe, a dangerous executable.

Reply View 0 replies