Thanks for the feedback nitro322. Let me explain why I don't think your examples should be updated: <blockquote>link: http://www.evilsite.net/ text: www.goodsite.net</blockquote> Technically, "www.goodsite.net" is not an URL. I don't trust that to begin with ;-). We could scan for text that begins with 'www', but the next thing would be to include 'secure', 'images', etc. What about this? link: http://evilsite.com/ text: goodsite.com As you can see, it's getting tricky. <blockquote>link: http://www.evilsite.net/ text: goodpage.html</blockquote> See above. This URL is not really trying to trick you that much. Following this example (and taking it to extremes) this would be incorrect too: link: http://www.evilsite.com/contact.html text: faq <blockquote>link: http://www.goodsite.net/evilpage text: http://www.goodsite.net/</blockquote> The same thing as above applies here. This isn't really a fishing attempt. We're on the same domain, so the least we can do is trust the server. The "evilpage" shouldn't be on the "goodsite.net" to begin with ;-) <p>Thanks for the feedback nitro322. Let me explain why I don't think your examples should be updated:</p> <p><blockquote>link: <a href="http://www.evilsite.net/">http://www.evilsite.net/</a> <br />text: <a href="http://www.goodsite.net">www.goodsite.net</a></blockquote></p> <p>Technically, "www.goodsite.net" is not an URL. I don't trust that to begin with ;-). We could scan for text that begins with 'www', but the next thing would be to include 'secure', 'images', etc. What about this?</p> <p>link: <a href="http://evilsite.com/">http://evilsite.com/</a> <br />text: goodsite.com</p> <p>As you can see, it's getting tricky.</p> <p><blockquote>link: <a href="http://www.evilsite.net/">http://www.evilsite.net/</a> <br />text: goodpage.html</blockquote></p> <p>See above. This URL is not really trying to trick you that much. Following this example (and taking it to extremes) this would be incorrect too:</p> <p>link: <a href="http://www.evilsite.com/contact.html">http://www.evilsite.com/contact.html</a> <br />text: faq</p> <p><blockquote>link: <a href="http://www.goodsite.net/evilpage">http://www.goodsite.net/evilpage</a> <br />text: <a href="http://www.goodsite.net/">http://www.goodsite.net/</a></blockquote></p> <p>The same thing as above applies here. This isn't really a fishing attempt. We're on the same domain, so the least we can do is trust the server. The "evilpage" shouldn't be on the "goodsite.net" to begin with ;-)</p> 2007-03-09T20:19:44Z 1913 Script 18006 9745 2008-11-16T23:23:13Z 1408