I’m working on a web app that allows users to submit links to external
sites. I’m curious if there are any special security considerations I
should take aside from escaping the user input with h( )? Is it safe to
directly link_to h(user_inputted_url), h(user_inputted_url) or could
exploited in a way that I’m not thinking of. Thanks.