Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You're talking about what's known as an open redirect. And you're correct: those can definitely be used to make a phishing attack more effective. But as I mentioned, reddit only redirects users to reddit content: you need to provide a relative URL or use a reddit subdomain (eg: http://code.reddit.com) in the dest parameter.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: