this post was submitted on 29 Nov 2023
974 points (99.1% liked)
Technology
59440 readers
3281 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm rather certain, the way it works is that it removes parameters that are named like well-known tracking parameters. For example, most webpages use Google Analytics, so you see UTM parameters everywhere.
A "reset your password" link could theoretically use a parameter that's named
utm_content
, then it would presumably get removed by this feature, but I see no sane reason why one would name their password-reset parameter like that.In general, such tracking parameters are usually named in a way that it will rarely clash with other parameters a webpage may want to use, so for example they may have a prefix like
utm_
.Oh, so it's not just stripping the GET parameters? Okay, that's smarter than I was assuming
Stripping all GET parameters would break many, many legitimate webpages. ๐ซ
Looking at some comments on the linked post, I think you are right, and it would probably be fine for things like a password reset. I could play around with it, but my laptop is in the other room.