Hacker News new | ask | show | jobs
by optymizer 134 days ago
That's why we have text editors, markdown viewers, image viewers, etc.

You were never able to "click a link" in Notepad in the past.

Mixing responsibilities brings with it lots of baggage, security vulnerabilities being one of them.
2 comments
Rohansi 134 days ago
I think there are more text editors around that render clickable links than there are that don't. Even your terminal probably renders clickable links.

Despite the scary words and score this wouldn't even be a vulnerability if people weren't so hard wired to click every link they see. It's not some URL parsing gone wrong triggering an RCE. Most likely they allowed something like file:// links which of course opens that file. Totally valid link, but the feature must be neutered to only http(s):// because people.

link
hulitu 133 days ago
Ed doesn't.
link
hulitu 133 days ago
> That's why we have text editors, markdown viewers, image viewers, etc.

This is so 80s. Now we have systemd (svchost.exe), wayland (explorer) and a webbrowser (chrome). You don't need more.

link
optymizer 133 days ago
Not sure if sarcasm, but it's not true. For example, high performance software is still built the 80s way.
link