Jimmy Wales wrote:
This seems easy enough to fix. The link above should
do nothing. If
we're testing a proxy, we should try to get the client to request
...?title=Special:Blockme&validation=xxxxxxxxxxxxxxxx
where 'xxxxxxxxxxxxxx' is something that we can generate easily but
that's difficult for User:EvilUser to duplicate.
Additionally, it should probably be a POST request, so it can't be
embedded in an IMG tag anyway.