Distinguish links converted from raw text and made using formatting

Links can be misleading and potentially an attack vector.


That links goes to meta.discourse.org, but you wouldn’t know without checking first.

Discourse could indicate when a link is converted from raw text as the second link or made using formatting as the first. I have not considered how to do that. Perhaps underdotting for raw text links, or the other way around.

There’s the idea anyhow.

1 Like

This is true for every link on the web. You can mouse-over a link to see where it’s going to go.


Yes, of course, but we can mostly avoid the issue in every Discourse forum. Trust remains in the administrators. I’m saying it might be worthwhile to resolve the issue with all regular posters.

There is an existing discussion on a plugin to warn on all external links (not a fan) or warn on known bad links as vetted by google safe browsing service — which is a much better idea.

I don’t want to clutter the interface too much either. Working with cryptocurrencies where a wallet was found to be reachable by any website via JavaScript made me think of this. Known bad links will always lag behind.

If only formatted links including an url scheme would be indicated as possibly misleading, but it’s probably a rabbit hole of targetting all creative workarounds.


If I’m understanding, you want to distinguish between

<a href="http://example.com">http://example.com</a> 
<a href="http://example.com">some text</a>

where the “some text” is not the href value.

I think a short amount of JavaScript working with the cooked could style them differently.

As a proof of concept, this works for me on my localhost in Customize </body>

 $(document).on("ajaxComplete", function( event ) {
  let post_links = document.body.querySelectorAll(".contents .cooked a:not(.back):not(.mention)");
  let i = 0;
  for (i = 0; i < post_links.length; i++) {
      if ( post_links[i].href != post_links[i].textContent ) {
          post_links[i].style.outline = "1px solid #900";