Links to GNUSocial settings sometimes contain wrong link
- Create this message on GNUSocial:
Broken: <MyGNUSocialDomain>/settings/oldschool <MyGNUSocialDomain>/settings/twitter <MyGNUSocialDomain>/settings/avatar Is OK: https://somedomain.example/settings/oldschool <MyGNUSocialDomain>/settings/something <MyGNUSocialDomain>/settings/ <MyGNUSocialDomain>/settings/profile
As you can see from the "Is OK" examples it however does correctly work in these cases:
- The domain at the beginning is not your the GNUSocial instance where you're posting this.
- The settings URL does not exist (
- The settings URL is the main settings page (
- The settings URL is an URL to the profile settings (
What should happen
The displayed and linked URL should be the same as for all other links.
Generally it should not be possible for a user to post a link where the displayed URL is different from the actual URL of the destination of the link, because this makes Phishing possible.
Discovery (in German): https://gnusocial.de/notice/7635144 Tested with Firefox 47.0 and a Chromium-based browser.