This is the redirect warning we show for all possibly dangerous links. I assume the owning team has this tested with users.
-
-
Replying to @cramforce
I'm surprised Google security is ok with unvetted content being served on http://google.com .
1 reply 0 retweets 1 like -
Replying to @wycats
It is not unvetted https://developers.google.com/safe-browsing/
2 replies 0 retweets 0 likes -
Replying to @cramforce
How would Google security feel about exposing raw sockets to these "vetted" sites?
1 reply 0 retweets 0 likes -
Replying to @wycats
Roughly as they would to exposing them to a random YouTube video. UGC is a thing. the security boundary is at a lower level than domain.
1 reply 0 retweets 1 like -
Replying to @cramforce
Interesting. A different security model than origins?
1 reply 0 retweets 0 likes -
Replying to @wycats
The content origin is $originalOrigin.cdn.ampproject.org
1 reply 0 retweets 0 likes -
-
Replying to @wycats
Because it understands how iframes work. Not sure I understand the question.
1 reply 0 retweets 0 likes -
Replying to @cramforce
I see. So relying on iframes to change the origin without a user-visible signal. I'm glad to hear support for iframes in the platform
1 reply 0 retweets 0 likes
For a legacy feature everyone wants to kill, we're sure getting a lot of security mileage out of 'em.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.