[Rd] New URL redirect checks

Wed Sep 16 23:50:52 CEST 2020

On 16/09/2020 4:51 p.m., Simon Urbanek wrote:
> I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get.

I agree, and we do have \href{}{} in Rd files and similar in other 
formats for giving text of a link different than the URL if the URL is 
inconveniently long.  There's still a bit of a security issue though: 
the built in help browser (at least in MacOS) doesn't show the full URL 
when you hover over the link, as most browsers do.  So one could have

\href{https://disney.org}{https://horrible.web.site}

Duncan Murdoch

> 
> Cheers,
> Simon
> 
> 
>> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi <csardi.gabor using gmail.com> wrote:
>>
>> Dear all,
>>
>> the new CRAN URL checks flag HTTP 301 redirects. While I understand
>> the intent, I think this is unfortunate, because several URL shortener
>> services use 301 redirects, and often a shorter URL is actually better
>> in a manual page than a longer one that can be several lines long in
>> the console and also potentially truncated in the PDF manual.
>>
>> Some example shorteners that are flagged:
>>
>>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README")
>>> tools:::check_url_db(db)
>> URL: https://nyti.ms (moved to https://www.nytimes.com/)
>> From: README
>> Status: 200
>> Message: OK
>>
>> URL: https://t.co/mtXLLfYOYE (moved to
>> https://www.bbc.co.uk/news/blogs-trending-47975564)
>> From: README
>> Status: 200
>> Message: OK
>>
>> ______________________________________________
>> R-devel using r-project.org mailing list
>> https://stat.ethz.ch/mailman/listinfo/r-devel
>>
> 
> ______________________________________________
> R-devel using r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
>