I can’t remember the link for a plugin that lets you verify that a
link was generated by your application, and not a user messing with
the location field of the browser. It involved modifying link_to to
transmit a cryptographic hash.
Anyone remember?