[Rd] New URL redirect checks

Gábor Csárdi <csardi.gabor using gmail.com>
Thu Sep 17 10:25:39 CEST 2020


Right, I am sorry, I did not realize the security aspect here. I guess
I unconsciously treated CRAN package authors as a trusted source.

Thanks for the correction and clarification, and to CRAN for
implementing these checks. :)

G.

On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch
<murdoch.duncan using gmail.com> wrote:
>
> On 16/09/2020 4:51 p.m., Simon Urbanek wrote:
> > I can't comment for CRAN, but generally, shorteners are considered a security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what they will get.
>
> I agree, and we do have \href{}{} in Rd files and similar in other
> formats for giving text of a link different than the URL if the URL is
> inconveniently long.  There's still a bit of a security issue though:
> the built-in help browser (at least in MacOS) doesn't show the full URL
> when you hover over the link, as most browsers do.  So one could have
>
> \href{https://disney.org}{https://horrible.web.site}
>
> Duncan Murdoch
>
>
> >
> > Cheers,
> > Simon
> >
> >
> >> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi <csardi.gabor using gmail.com> wrote:
> >>
> >> Dear all,
> >>
> >> the new CRAN URL checks flag HTTP 301 redirects. While I understand
> >> the intent, I think this is unfortunate, because several URL shortener
> >> services use 301 redirects, and often a shorter URL is actually better
> >> in a manual page than a longer one that can be several lines long in
> >> the console and also potentially truncated in the PDF manual.
> >>
> >> Some example shorteners that are flagged:
> >>
> >>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README")
> >>> tools:::check_url_db(db)
> >> URL: https://nyti.ms (moved to https://www.nytimes.com/)
> >> From: README
> >> Status: 200
> >> Message: OK
> >>
> >> URL: https://t.co/mtXLLfYOYE (moved to
> >> https://www.bbc.co.uk/news/blogs-trending-47975564)
> >> From: README
> >> Status: 200
> >> Message: OK
> >>
> >> ______________________________________________
> >> R-devel using r-project.org mailing list
> >> https://stat.ethz.ch/mailman/listinfo/r-devel
> >>
> >
> >
>
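
The two concerns raised in this thread, link text that shows a different site than the real \href target and URLs that go through a shortener, can be checked mechanically in Rd sources. The R code below is an added example, not part of the thread and not the check CRAN or the tools package implements; the function names, the shortener list (the two hosts named in the thread) and the sample Rd lines are constructed assumptions.

```r
# Added example: lint Rd text for misleading \href links and shortener URLs.
# Assumption: shortener hosts are the two named in the thread; extend as needed.
shorteners <- c("t.co", "nyti.ms")

# Lower-cased host of an http(s) URL, NA if x is not one.
url_host <- function(x) {
  x <- tolower(trimws(x))
  m <- regmatches(x, regexec("^https?://([^/?#]+)", x, perl = TRUE))
  auth <- vapply(m, function(p) if (length(p) == 2L) p[2L] else NA_character_, "")
  auth <- sub("^.*@", "", auth)   # drop userinfo so "good.org@evil.site" yields evil.site
  sub(":[0-9]*$", "", auth)       # drop port
}

# All occurrences of a macro, split into full match plus capture groups.
rd_macro_args <- function(rd_text, pat) {
  hits <- unlist(regmatches(rd_text, gregexpr(pat, rd_text, perl = TRUE)))
  regmatches(hits, regexec(pat, hits, perl = TRUE))
}

check_rd_links <- function(rd_text) {
  href <- rd_macro_args(rd_text, "\\\\href\\{([^{}]*)\\}\\{([^{}]*)\\}")
  url  <- rd_macro_args(rd_text, "\\\\url\\{([^{}]*)\\}")
  # \href{target}{text}; for \url{} the displayed text is the target itself.
  target <- c(vapply(href, `[`, "", 2L), vapply(url, `[`, "", 2L))
  text   <- c(vapply(href, `[`, "", 3L), vapply(url, `[`, "", 2L))
  th <- url_host(target)
  xh <- url_host(text)
  issue <- ifelse(!is.na(th) & !is.na(xh) & th != xh,
                  "link text shows a different host than the target",
           ifelse(th %in% shorteners,
                  "target is a URL shortener (destination hidden)",
                  NA_character_))
  out <- data.frame(target, text, issue, stringsAsFactors = FALSE)
  out[!is.na(out$issue), , drop = FALSE]
}

# Constructed sample Rd lines; the first is the \href example from the thread.
rd <- c(
  "\\href{https://disney.org}{https://horrible.web.site}",
  "See \\url{https://t.co/mtXLLfYOYE} for background.",
  "\\href{https://www.r-project.org/}{The R Project}"
)
print(check_rd_links(rd))
```

The first two sample lines are reported and the third is not, since its link text is a plain label rather than a URL.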


