Relay browser

I just wanted to verify what I think I am seeing. It appears that kolmafia is stripping the password hash from all urls in the relay browser. Is this actually the case, and if so can I count on this to remain this way?
 

holatuwol

Developer
I'm not sure what your question is asking. No, mafia doesn't strip password hashes. For verification, hover your mouse over an eat link -- the password hash link still appears there. When you click, however, it will ignore whatever password hash is provided and insert what it understands to be the real password hash.

Can you count on things to remain this way? That depends on how much of a security risk this is, as this means people can give you links in chat and if you click on them while using KoLmafia, it will automatically add password hashes and execute the action that would have not happened normally in-browser.
 
Hmm, It certainly looked like it in my inventory earlier. Not a single eat/drink/use link was showing the hash. Maybe I'm just blind. I can see the security risk...on the other hand, it isn't safe to just go clicking links you don't understand anyway.
 
Top