| 2017-10-19 20:11:12 |
Kristina Hoeppner |
description |
Implement a broken link checker to prevent people going to web sites that may be up for grabs and thus exposing them to phishing, serving malware, impersonation.
Thanks to Vineet Kumar for reporting this.
I think it concerns primarily links in the editor (TinyMCE and plain text) as well as any field where you can enter a URL. External media should be fairly safe as domains need to be whitelisted in the "Allowed iframes". So having a check for them rather than when a block is on a page might suffice. |
Implement a broken link checker to prevent people going to web sites that may be up for grabs and thus exposing them to phishing, serving malware, impersonation.
Thanks to Vineet Kumar for reporting this.
I think it concerns primarily links in the editor (TinyMCE and plain text) as well as any field where you can enter a URL. External media should be fairly safe as domains need to be whitelisted in the "Allowed iframes". So having a check for them rather than when a block is on a page might suffice.
Before implementing a solution, the following should be discussed:
- What do current link checkers offer?
- Unlink automatically or require admin intervention? If admin intervention, will there be a weekly / daily email?
- If admin intervention, most links will be in user created content though to which admin doesn't have direct access.
- Should links be crossed out and unlinked automatically? That would also resolve the issue with posting direct links rather than linking text. |
|
