

“Don't forget to blacklist malicious usernames if you allow user-generated URLs” - Artemis2
https://www.paypal.me/support

======
alialkhatib
The title with quotation marks is a tiny bit misleading; I was expecting this
to be a blog post or something where Paypal advised developers to handle user-
generated urls with care, which would have made the paypal.me mistake (first
discussed here yesterday[0]) that much more embarrassing. In truth, it's a
quote from a post submitted to Reddit about an hour and a half prior to this
one [1], making me think the url should probably point to that (or the
quotation marks removed, since it's not really quoting anyone, but then it's a
straight up dupe of a Reddit submission).

[0]:
[https://news.ycombinator.com/item?id=10152224](https://news.ycombinator.com/item?id=10152224)

[1]: [https://redd.it/3jd1bj](https://redd.it/3jd1bj) (from Artemis2)

------
Artemis2
More:

\- [https://www.paypal.me/login](https://www.paypal.me/login)

\- [https://www.paypal.me/help](https://www.paypal.me/help)

\- [https://www.paypal.me/demo](https://www.paypal.me/demo)

[Source]([https://redd.it/3jd1bj](https://redd.it/3jd1bj))

