>Google.com is a trusted domain. I don't think it should be 302'ing to untrusted domains for arbitrary URLs.
I think you should read this again and then take a moment to think about the services people primarily visit google.com for.
Also, what exactly are "trusted domains"? Why do they matter to users clicking links?
On a website there's no way for an user to verify where a link is going to take them without actually clicking the link. The tooltip for example tends to be relatively easy to spoof.
I think you should read this again and then take a moment to think about the services people primarily visit google.com for.
Also, what exactly are "trusted domains"? Why do they matter to users clicking links?
On a website there's no way for an user to verify where a link is going to take them without actually clicking the link. The tooltip for example tends to be relatively easy to spoof.