Lorenz Hübschle

Good idea to show the message immediately (and next to the host field). Maybe `local.glowing-bear.org` should start off with a warning and still connect as you suggested. But long-term, unencrypted...

Browser can't resolve hosts, that's why I suggested filtering on hostnames. You're thinking way to complicated. We don't need to create a 100% solution. It just has to be good...

Security is not the browser's job, it's everyone's. I'm not proposing to prevent people from connecting to insecure relays at all costs, as I've noted above it's trivial to remove...

If it's a dismissable warning, it doesn't need to perfect! The test could be simplified using a regex, something like `\.(local(host)?|example|invalid|test)$`.

With HSTS, there be dragons. It's easy to shoot yourself in the foot with it (and do so rather permanently). And if you have HSTS on a domain, you should...

Yeah we should probably make a note about that, thanks for your report

ah crap, that's the `codify` filter applied to things it shouldn't be. Thanks.

Probably easier to add detection for this to `addMention` and just do nothing in that case

#990 now implements my suggestion from the comment above; the situation in #616 is different because there the elements don't contain the content. The link here wraps the prefix, so...

This is similar to #67. I don't know whether we can detect `Fn+Alt`. Since I don't have a Mac, it would be rather helpful if someone who does own such...