US Military strikes alleged drug boat from Venezuela (reuters.com)

1 points by geox 54s ago 0 comments

Show HN: Turn any PDF research paper into a video explanation using AI (researchpapervideos.com)

1 points by mohami2000 1m ago 0 comments

Show HN: LightCycle, a FOSS game in Rust based on Tron (github.com)

1 points by DavidCanHelp 1m ago 0 comments

Mathematics for Computer Science [pdf] (ocw.mit.edu)

2 points by pykello 7m ago 0 comments

%CPU Utilization Is a Lie (brendanlong.com)

3 points by BrendanLong 9m ago 0 comments

GoDoc MCP – AI Powered Go Doc (github.com)

1 points by herlon214 13m ago 0 comments

Forcing Google to share secrets isn't competition (victorwynne.com)

3 points by sethembert 15m ago 0 comments

Groups ask Carney to protect Canada's 'digital sovereignty' (cbc.ca)

1 points by BiraIgnacio 21m ago 1 comments

Department of Justice Wins Significant Remedies Against Google (justice.gov)

2 points by Improvement 23m ago 0 comments

At a Texas career expo, thousands line up to help ICE 'defend the homeland' (washingtonpost.com)

4 points by Anon84 29m ago 1 comments

How would you make this? (twitter.com)

3 points by bgdkbtv 31m ago 1 comments

Winter is coming for Ukraine: What it will take to keep the lights on (cnn.com)

1 points by MilnerRoute 34m ago 0 comments

Project Limitless: Letting a Frontier AI Think to Itself for 100k Hours

2 points by FaceLupin 34m ago 1 comments

Open Deep Research Tutorial – Train a deep research agent to exceed SOTA (art.openpipe.ai)

1 points by rahimnathwani 37m ago 0 comments

Cosmos Cloud: A secure, all-in-one platform for self-hosting Docker apps (cosmos-cloud.io)

4 points by indigodaddy 41m ago 0 comments

Suppressing property variability in recycled plastics via bioinspired design (pnas.org)

1 points by PaulHoule 43m ago 0 comments

Jean Leray in Edelbach [pdf] (mat.univie.ac.at)

1 points by perihelions 45m ago 0 comments

The Currents of a Founder (thebootstrappedfounder.com)

1 points by rmason 48m ago 0 comments

A Scalper Explains Why They Love Ripping You Off (vice.com)

2 points by paulpauper 48m ago 0 comments

Indices, not Pointers (joegm.github.io)

2 points by vitalnodo 48m ago 2 comments

Show HN: CompareGPT – Making LLMs More Trustworthy by Reducing Hallucinations

1 points by tinatina_AI 49m ago 0 comments

Have foreign tourists avoided America this year? (economist.com)

2 points by paulpauper 49m ago 1 comments

Why boomers have more money than everyone else (bloomberg.com)

3 points by paulpauper 50m ago 5 comments

Show HN: slack-explorer-mcp – Let AI find historical context in Slack (github.com)

1 points by shibayu36 55m ago 0 comments

How AI Is Changing Bookkeeping (ledgeriq.ai)

2 points by JohnnyRebel 56m ago 1 comments

The maths you need to start understanding LLMs (gilesthomas.com)

2 points by gpjt 59m ago 0 comments

Ask HN: Short term housing for founders / entrepreneurs in the Bay Area / SF?

4 points by eggbrain 59m ago 0 comments

US Manufacturing Activity Contracted in August for a Sixth Month (bloomberg.com)

3 points by JumpCrisscross 1h ago 1 comments

Show HN: Game UI Generator (godmodeai.co)

1 points by lyogavin 1h ago 0 comments

EVs reduce climate pollution, but by how much? New U-M research has the answer (news.umich.edu)

3 points by breve 1h ago 1 comments

The Trust Quotient (TQ) (kk.org)

1 points by jger15 1h ago 0 comments

TextJam (textjam.com)

2 points by Bogdanp 1h ago 0 comments

The case against Almost Always auto in C++ (gist.github.com)

1 points by alberto-m 1h ago 3 comments

This blog is running on a recycled Google Pixel 5 (blog.ctms.me)

3 points by indigodaddy 1h ago 0 comments

The Millionaire Who Left Wall Street to Become a Paramedic (nytimes.com)

2 points by wslh 1h ago 1 comments

Spec-Driven Development with A (github.blog)

2 points by e2e4 1h ago 0 comments

What Every Data Scientist Should Know About Graph Transformers (unite.ai)

1 points by Anon84 1h ago 0 comments

Google, Apple, and Mozilla Win in the Antitrust Case Google Lost (spyglass.org)

1 points by bentocorp 1h ago 0 comments

Views from onboard Starship's tenth flight test (twitter.com)

1 points by cubefox 1h ago 0 comments

Google says Gmail security is "strong and effective" as it denies major breach (arstechnica.com)

2 points by bentocorp 1h ago 0 comments

World’s biggest iceberg breaks up after 40 years (theguardian.com)

3 points by pseudolus 1h ago 0 comments

Parallel AI agents are a game changer (morningcoffee.io)

37 points by shiroyasha 1h ago 32 comments

Researchers Are Already Leaving Meta's New Superintelligence Lab (wired.com)

4 points by mgh2 1h ago 0 comments

Health Effects of Cousin Marriage: Evidence from US Genealogical Records (aeaweb.org)

2 points by Anon84 1h ago 0 comments

Lumo by Proton Mail (lumo.proton.me)

3 points by doener 1h ago 0 comments

Cqdam Free – single-binary in-memory KV store (RESP subset), ~2.5M ops/SEC (github.com)

1 points by LaminarBender 1h ago 1 comments

Human activity may be locking the Southwest into permanent drought (theconversation.com)

2 points by PaulHoule 1h ago 0 comments

Trump calls video of bag being thrown from White House an 'AI-generated' fake (cnn.com)

6 points by frays 1h ago 3 comments

Single File No-Build Blog with Modern JavaScript (single-page-blog.ben-ca1.workers.dev)

1 points by b_e_n_t_o_n 1h ago 1 comments

The World War Two bomber that cost more than the atomic bomb (bbc.com)

2 points by pseudolus 1h ago 0 comments

Ask HN: How do you protect against malicious links in user-generated content?

2 TimLeland 0 9/2/2025, 7:01:19 PM

If your app allows users to post or share content, chances are they’ll eventually try to drop in links. Some of those may be spammy, others outright malicious (phishing, malware redirects, throwaway domains, etc.)

I’m curious how companies handle this in practice. Do you:

Block certain TLDs or domains?

Use external reputation or threat-intel APIs?

Follow redirects and scan the final destination?

Sanitize or nofollow everything?

Rely on user reports + moderation queues?

Something else entirely?

It seems like a constant balancing act between safety, performance, and not frustrating legitimate users.

What’s worked well (or failed) for you? Any battle-tested approaches you’d recommend?

Comments (0)

No comments yet