we corrently forbid any extended api links used in urls. Anything else we should add concerning the scripting API?