Security Concern for Bio Section of Talent Hub Through Hyperlinks?

After messing around with the Bio portion of the Talent Hub, I noticed that limited markdown was available, including hyperlinks (cc: Add Images, GIFs, Hyperlinks to Talent Hub!).

It appears, however, that neither hovering over the link, nor inspecting the link itself, shows the actual destination URL.

This could lead to malicious actors disguising a potentially malicious link with some innocuous text, and I would recommend having the destination URL shown in the disclaimer that Roblox currently shows before going to that page. Doing so would make this vector of attack less viable, and I certainly would not want to lose the ability to link to a different site.

My creator page is here for reference: Talent Hub
image

8 Likes

Thank you for reporting this, we’ll be getting it resolved ASAP.

2 Likes

Thanks for the report, should be resolved now.

1 Like