OK, no attack this time, but it could have been some evil page with a java script on it that did anything to your machine.
If so, then sorry it's too late now, by clicking on the [Sandbox] link you just invited in a TrojanHorse? to do whatever it liked.
Possible responses to the risk
- when you see a [link] take the [ ] as a reminder to look at the url (many browsers display it at the foot of the window) before clicking on it. UseModWiki never fakes the url displayed there - because you never know when someone sneaked in to edit the page, you don't just look the first time you access the page, you look every time, like you look every time before crossing the road
- don't use [Foo] links at all
- (if you own a wiki) set the config to disable this feature
- who cares? - wiki is about cooperation and mutual trust. I'd rather have it pretty and trust my fellow wikizens
Not everything inside [square] brackets gets transformed into a link. Only things that match a predefined set of protocols. Javascript isn't one of them.
- To clarify the first person's objections--it is possible to write a link like [Some Nice Site] which leads you to a remote site. The destination (some.evil.site.example.org/badscript) could then use Javascript or do other nasty things. This possibility is the reason why I display the [] characters around the description. --CliffordAdams