Across in-UI usage and via ZIP imports.
Zip imports currently missing safe_url validation.
Good to align to provide an extra layer of defense, and so risky URLs are flagged.
Don't consider this as a security issue, since the filtered URLs by that validation are very likely to be blocked by browser security or CSP, and there's a level of assumed privilege to the users that are able to create such attachments links already.
Across in-UI usage and via ZIP imports.
Zip imports currently missing
safe_urlvalidation.Good to align to provide an extra layer of defense, and so risky URLs are flagged.
Don't consider this as a security issue, since the filtered URLs by that validation are very likely to be blocked by browser security or CSP, and there's a level of assumed privilege to the users that are able to create such attachments links already.