[cel1ne]

Dmg isn't scary. It's just a disk-image that mounts upon download. You have to manually start any executable on it.

And yes, there are users who click on executables carelessly, but those aren't scared by url-parts.

[robin_reala]

Safari’s DMG behaviour has been problematic in the past: https://www.cnet.com/news/mac-os-xsafari-dmg-vulnerability-r...

[evilDagmar]

Uhh... It mounts after downloading? Aside from that I doubt (or don't want to believe) that's what's happening... Doesn't that sound inherently dangerous to you? We've seen files that could infect Windows machines just from having the file browser look directly at them.