2009/9/5 David Gerard <dgerard(a)gmail.com>om>: The relevant edits have been oversighted so I can't tell what kind of URLs they were. If they were like "www.foo.com/bar.exe" then we can easily stop them by not parsing URLs that end ".exe". There will be some false positives (eg. http://en.wikipedia.org/wiki/.exe although that is only a redirect, so no real harm), but it shouldn't involve more than a slight change to 1 or 2 lines of code, unless I'm missing something. Something more advanced that would actually block executables, rather than just things with an exe extension would require actually following the link, which is probably too slow to be practical (it would have to be done on rendering, rather than saving, otherwise you can just change what is at the other end of the link after saving the page). Is there any great risk here, though? Modern browsers won't run such an executable (at least not without big scary warnings which, of course, we never just blindly click through).

On Sat, Sep 5, 2009 at 4:28 PM, David Gerard<dgerard(a)gmail.com> wrote: http://markmail.org/message/6zsebtdrahmwzs3s What once was rubbish is no more? :)