Hi, Hiro, /pol/ user here.
I would just like to inform you I've found a bug that might be a security risk.
You can "linkify" URLs without a user having the "linkify" settings enabled.
For example:
https://sys.4chan.org/%64erefer?url=www.youtube.com
Also, there doesn't seem to be a lot of validation as it works with non-links too:
https://sys.4chan.org/%64erefer?url=hello%20Hiro
Just a friendly reminder that /pol/ has 4chan's best interests at heart and we'll always be looking out for 4chan.
Has it been fixed already?
the only security risk would be if someone attached a redirect but even then it would be fucking obvious IP or long string of seemingly random numbers, located after an @ or before the URL.
>>384932
plus theres a proper place to report security risks, and it isnt here
>>384934
Where?
>>384945
Man, I could have got a free Pass too.
Oh well, I know for next time.
>>384966
>implying this is even a security risk
>>384966
You still can. I doubt anyone's gonna bother reporting this.
>>385003
yeah dude follow this totally legit looking link
https://sys.4chan.org/%[email protected]
>>385009
Doesn't matter, people will still click it.
>>385016
then they deserve what they get
>>384825
>Just a friendly reminder that /pol/ has 4chan's best interests at heart and we'll always be looking out for 4chan.
then why do you keep shitting your shitposts all over /ck/? shit and food should never go together.
>>385022
#NotInMyName, #NotAll/pol/acks, #AintNo/pol/ackBruv, etc.
>>384825
I used to use this thing all the time before linkification was in native. Mods didn't like it, though.
>>385030
I think they must have fixed it once because if I don't use hexadecimal in the links it doesn't linkify:
https://sys.4chan.org/derefer?url=test