I wanted to add a URL shortener to my website so when people go davidron.com/something, the user will be redirected to some arbitrary location. I added the following to my 404 page:
<script language="javascript">
var key = window.location.href.split("/")[3];
var urls={
'ssh':"http://sdf.org/ssh",
'blog':"http://blog.davidron.com",
'emacs':"http://ratamacu.freeshell.org/qe",
}
if(key){
if(urls[key]){
window.location.href=urls[key]
}else{
document.write("'"+key+"' not found :(");
}
}
</script>Now, I can go to davidron.com/ssh to open a terminal or davidron.com/emacs to download a qe binary.
- It's a complete abuse of the 404 page, which should't redirect anywhere.
- It's javascript, and a URL shortener should really use HTTP 3xx redirects.
- It's slow because you have to load and render the 404 page, show (part of) the 404 page to the user, run the script on the 404 page.
- Whatever security through obscurity there might be in a cryptic short URL is lost by the fact that I've published the entire database of URLS on my 404 page.
It also has a couple of advantages:
- It's stupid easy.
- It works.
- It's easy to edit right in the HTML.
No comments
Post a Comment