Jimmy Wales wrote:
This seems easy enough to fix. The link above should do nothing. If we're testing a proxy, we should try to get the client to request ...?title=Special:Blockme&validation=xxxxxxxxxxxxxxxx where 'xxxxxxxxxxxxxx' is something that we can generate easily but that's difficult for User:EvilUser to duplicate.
Additionally, it should probably be a POST request, so it can't be embedded in an IMG tag anyway.