@ariadne pardon my ignorance here, but both urls point...

All posts Ariadne Conill 🐰's posts Post Back to profile

@ariadne pardon my ignorance here, but both urls point to github.com using https. And that would pass on the rest of the URL to the web server at github who would then return results with a certain content type. So why would either represet a risk unless you are using some Microsoft web browser that does stuff it shouldn't? Normally, the @ in a URL would be right after the host name to include username/password combination, But after the first /, it would be passed as the "GET" to web server

Like 17 May 2023 at 3:25 | Wall-to-wall | Open on mstdn.ca

4 comments

fennek

@jfmezei@mstdn.ca now compare the slashes in front of github.com to the ones after it.

(That different kind of slashes are allowed in URLs seems like the core problem to me, not .zip domains.)

17 May 2023 at 4:28 | Open on infosec.town

fupduck

@jfmezei
Maybe just read the article.

17 May 2023 at 5:51 | Open on anticapitalist.party

Jean-Francois Mezei

@fupduck My bad, Had forgotten the @ syntax in URL for authentication.

17 May 2023 at 5:56 | Open on mstdn.ca

Andy H

@jfmezei @ariadne only one points to GitHub. The linked article explains, and it's fun!

17 May 2023 at 7:52 | Open on home.social