On Wed, Dec 29, 2021 at 11:51:35PM -0700, Dio9sys wrote:
> Hello!
>
> I wasn't sure how best to get hold of folks, and wasn't sure if this was
> already known, so please let me know if I'm just adding noise to the crowd
> :)
>
> On the latest version of Lynx (at least on the Linux version), if you visit
> a gopherhole that has the < item type (specific in gopher+ specs for sound
> files) and follow the link, it will immediately open the link in your
> system-default media player without giving a prompt or showing the full
> file extension to validate that it's a correct file.
>
> In the example I found, I wrote a simple html file, specified it as < on my
> gopherhole and then opened it on Lynx (on my amd64 Manjaro Linux
> computer). It immediately tried to open in VLC, which then crashed as it
> didn't know what to do with an html file. It lists as (SND) on the page,
> marking it as a sound file, without checking that it's the supported WAV
> format mentioned in the spec
>
> If possible, I think it would be a really great idea to have some kind of
> "are you sure?" prompt showing the full file name and extension before
> opening the link, so as to reduce the chance of malware or other such
> nastiness happening.

I suppose - but there are a lot of cases where lynx follows a link
without prompting. Just in the gopher code, there are 8 types of links
for which it'll make a connection:

        text/html
        text/plain
        image/gif
        audio/basic (this one)
        video/mpeg
        application/pdf
        compressed-files (via HTFile.c)
        www/unknown

In each case, lynx relies on the mime-type. Why is this one different?

> If you would like an example, you can visit gopher://dio9sys.fun on Lynx
> and go down to the final link on the page, titled Test.
>
> Thanks for reading all this!
>
> Regards,
>
> -Dio9sys, your friendly neighborhood gopher nerd

--
Thomas E. Dickey <dic...@invisible-island.net>
https://invisible-island.net
ftp://ftp.invisible-island.net
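Added example, not part of the thread and not Lynx code: one way to do the check the report asks for, comparing the leading bytes of a fetched body with the type its gopher item declared before anything is handed to an external viewer. The function names, the verdict enum and the sample bodies are constructed for illustration; accepting both Sun .au and RIFF/WAVE for audio/basic is an assumption.

```c
#include <stdio.h>
#include <string.h>

enum verdict { CONTENT_OK, CONTENT_MISMATCH, CONTENT_UNCHECKED };

/* Constructed sample bodies: an HTML page and a minimal RIFF/WAVE header. */
static const unsigned char SAMPLE_HTML[] = "<html><body>Test</body></html>";
static const unsigned char SAMPLE_WAV[]  = "RIFF\x24\x00\x00\x00WAVEfmt ";

/* Item type -> MIME type. '<' -> audio/basic is from the thread, 'g' is
 * the GIF type in RFC 1436; anything else is treated as www/unknown. */
static const char *mime_for_item(char type)
{
    switch (type) {
    case '<': return "audio/basic";
    case 'g': return "image/gif";
    default:  return "www/unknown";
    }
}

/* True if sig occurs at offset off inside the first n bytes of b. */
static int has(const unsigned char *b, size_t n, size_t off, const char *sig)
{
    size_t k = strlen(sig);
    return off + k <= n && memcmp(b + off, sig, k) == 0;
}

/* Compare the leading bytes of a fetched body with the declared type.
 * A mismatch is the case where a prompt (or refusal) is warranted. */
enum verdict vet_gopher_item(char type, const unsigned char *b, size_t n)
{
    const char *mime = mime_for_item(type);
    int ok;

    if (strcmp(mime, "audio/basic") == 0)   /* Sun .au or RIFF/WAVE */
        ok = has(b, n, 0, ".snd") || (has(b, n, 0, "RIFF") && has(b, n, 8, "WAVE"));
    else if (strcmp(mime, "image/gif") == 0)
        ok = has(b, n, 0, "GIF87a") || has(b, n, 0, "GIF89a");
    else
        return CONTENT_UNCHECKED;           /* no signature known for this type */
    return ok ? CONTENT_OK : CONTENT_MISMATCH;
}

int main(void)
{
    printf("html as '<': %d\n", vet_gopher_item('<', SAMPLE_HTML, sizeof SAMPLE_HTML - 1));
    printf("wav  as '<': %d\n", vet_gopher_item('<', SAMPLE_WAV, sizeof SAMPLE_WAV - 1));
    return 0;
}
```

The HTML body served as a `<` item, the case described in the report, comes back as a mismatch, while types with no known signature are reported as unchecked rather than accepted.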