top | item 4028867

mrspandex | 13 years ago

This seems like it would make malicious links easier to seem legitimate. If I see the Google favicon, I might assume it was Google without even checking the URL.

pbhjpbhj|13 years ago

Like on HN when the subdomain isn't given of a site that uses public subdomains. Not sure if this is still true but UGC from Google subdomain pages used to just come up as "google.com" next to the submission.

jsprinkles|13 years ago

That's possible today with just <img> <a>, so I'm not sure how this script makes that particular vector easier. It's just cool.

citricsquid|13 years ago

I think the point mrspandex was making is not "this being possible is bad..." but "if this becomes the accepted way to handle web links" is bad. It's not dangerous that this method exists, it would be dangerous if the average user came to experience and accept it as the "standard" for web links. All it takes is users to assume "my address bar which I can rely on is icon + address, therefore icon + address on a web page is safe too!".

tylermenezes|13 years ago

If the page is a spam site, sure. But imagine someone posts a comment with a domain similar to google.com and the Google favicon. It's a legitimate vector.