Hi DavidR,
Agree with you there that a representation of code that could trigger an (even false) alert (even while there is no real payload or live or obfuscated links inside, but enough of the code being exposed to kick up such an alert), shoud preferably be given as an image. [/b]
When links are given to code representations always at least block like -http(s) or hXtp(s) so the unaware will not click on it an gets startled by an alert, for which they haven't the expertise to know what it really is all about). So now when I present a source code analysis of Redleg's fileviewer for website code for instance (where Redleg already has taken care to break all live links inside the code) I nevertheless break that link, when I give it. Like -https://aw-snap.info/file-viewer/ etc. or htxps://aw-snap.info/file-viewer/ etc.
Those that then want to see the real contents of the link, do not need rocket technology to reconstruct the live link.
At least they then do this knowingly, and I feel I haven't put the unaware at risk or those without relevant knowledge, that do not know what they are doing.
Always remember there are also minors and kids visiting our pages.
Let them come and learn on the avast forums, we are glad to educate them, butat least do this without causing any harm.
polonus (volunteer website security analyst and website error-hunter)