They can't understand that product.zip is a terrible link, but they can understand that perfectlysafewebsite.com/product.zip is a terrible link???
Yes, auto-vivification of links is bad.
You also wouldn't be able to access it on grounds of the private IP address is not in the same private as your LAN.
Or the attacker could've just sent you ... a link to familyphotos.zip. I'm not sure why you're bringing client-side auto-vivification (which yes, is a bad idea) into the picture when the attacker could equally send a…
Please name a platform where `open` will treat a non-link as a link? I just tested the ones I have access to and none did.
That's assuming apps and libraries even start doing that for .zip (which is unlikely), and is not in any way unique to .zip.
And <a href="http: //perfectlynormalwebsite.com/familyphotos.zip">familyphotos.zip</a> isn't? Am I missing something? What does the TLD add that wasn't possible before? Auto-vivified links in the 0.001% of users who…
They can't understand that product.zip is a terrible link, but they can understand that perfectlysafewebsite.com/product.zip is a terrible link???
Yes, auto-vivification of links is bad.
You also wouldn't be able to access it on grounds of the private IP address is not in the same private as your LAN.
Or the attacker could've just sent you ... a link to familyphotos.zip. I'm not sure why you're bringing client-side auto-vivification (which yes, is a bad idea) into the picture when the attacker could equally send a…
Please name a platform where `open` will treat a non-link as a link? I just tested the ones I have access to and none did.
That's assuming apps and libraries even start doing that for .zip (which is unlikely), and is not in any way unique to .zip.
And <a href="http: //perfectlynormalwebsite.com/familyphotos.zip">familyphotos.zip</a> isn't? Am I missing something? What does the TLD add that wasn't possible before? Auto-vivified links in the 0.001% of users who…