[mappu]

These TLD previews (dropbox.com) are great, but one day, someone's going to host a phishing page or a fake news post on their dropbox and link it here, and someone's going to fall for it.

On topic, i think this is the first time i've seen someone actually try to sell a jQuery plugin.. i wish you the best of luck, especially when the source is right there.

The plugin itself is obviously going to work out best for people when the desired effect is easier to generate in javascript than it is to precompute, which is almost never the case - well, maybe for some classes of dynamically generated content (cloning instagram client-side?)

[drivebyacct2]

Are you saying you trust it more if it just comes from a random TLD? That... seems very naive.

As for the plugin, it seems... not terribly difficult or expensive (computationally). Chrome on my phone handled it fine.

[mappu]

I mean, i could host a form that looks like the dropbox login page, put it on my dropbox account, link it here, and the submission would show up with a (dropbox.com) suffix. Sure, the URL wouldn't be accurate, but i'm sure i'd catch a few people.

The solution isn't to trust random TLDs, it's exposing the subdomain in the domain preview. u.dropbox.com isn't going to be hosting an important login box or news post.

The same goes for google.com/plus.google.com, although it'd be very difficult to build a phishing page out of G+. Google Pages perhaps?