- 🇺🇸United States chrisfromredfin Portland, Maine
FYI these links are coming from the project descriptions themselves. We don't have any kind of sanitization of those links, but perhaps we could/should scan for links that may or may not work. For example, if we're getting a relative link from Drupal.org we may need to scan and sanitize to an absolute URL with https... ? Definitely a feature request for post-mvp.
- Status changed to Closed: won't fix
about 1 year ago 2:41pm 20 September 2023 - 🇺🇸United States drumm NY, US
Please do not implement overly-specific sanitization on the client side.
Drupal.org will already not allow images that are not hosted on Drupal.org, so all images will be https and not be used 3rd-party for tracking.
For links, http links are non-ideal, but perfectly fine. Some sites even in 2023 don't have https set up. If we were ever to restrict using those links, that filtering would belong on Drupal.org, not the client.