Open Deleplace opened 6 years ago
It is not possible in general to determine if the target website will act maliciously or not. This issue covers only basic shock site redirection.
This doesn't play well with E2EE (#58). Opaque traffic => no censorship.
E2EE doesn't forbid some limited form of client-side propriety check.
When sharing a link, have the backend peek at the remote site or resource, to detect if inappropriate. Don't let the frontend auto-redirect until the backend has established that the URL target "looks safe".