I'm fixing T12344, but the fix means that a user can do this:
- Write a document with a link to [[ %24doge ]].
- This will link to w/24doge/. Create a "Good" page there. Work hard to build trust in the document.
- Later, create an "Evil" page at w/$doge/.
- Delete or move the page at w/24doge/.
- Today, this does nothing. Wait until we perhaps some day change the remarkup rule so that linking to a deleted or moved page treats it as though it does not exist. We may or may not ever do this.
- At that far-future date, because w/$doge/ exists and w/24doge/ no longer exists, [[ %24doge ]] is now a link to the "Evil" page even though the content of the document containing the link was not edited.
This attack seems completely absurd to me -- and I don't see any real way around it -- so I'm not planning to fix it and mention it here only for completeness.