← Back to context

Comment by optymizer

7 days ago

That's why we have text editors, markdown viewers, image viewers, etc.

You were never able to "click a link" in Notepad in the past.

Mixing responsibilities brings with it lots of baggage, security vulnerabilities being one of them.

4 comments

optymizer

Reply
Rohansi  7 days ago

I think there are more text editors around that render clickable links than there are that don't. Even your terminal probably renders clickable links.

Despite the scary words and score this wouldn't even be a vulnerability if people weren't so hard wired to click every link they see. It's not some URL parsing gone wrong triggering an RCE. Most likely they allowed something like file:// links which of course opens that file. Totally valid link, but the feature must be neutered to only http(s):// because people.

hulitu  7 days ago

> That's why we have text editors, markdown viewers, image viewers, etc.

This is so 80s. Now we have systemd (svchost.exe), wayland (explorer) and a webbrowser (chrome). You don't need more.

  • optymizer  6 days ago

    Not sure if sarcasm, but it's not true. For example, high performance software is still built the 80s way.