Opened 12 months ago

Closed 4 months ago

#22975 closed enhancement (not a bug)

Make it harder for users to open links

Reported by: cypherpunks Owned by: sukhbir
Priority: Medium Milestone:
Component: Applications/TorBirdy Version:
Severity: Minor Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Maybe it's a good idea to disable clickable links by setting network.protocol-handler.external-default [1]. It not only prevents users from opening a link by accident but also minimizes the risk of phishing (hopefully most Thunderbird users don't just copy-paste them; for people who insist on opening links, there's still a way left by right-clicking on the link and just using the context menu). Additionally, it might be useful to disable punycode (network.IDN_show_punycode [2]); if disabled, the ASCII link is visible in the status bar (probably most users type the URL or copy/paste it using their password manager, but seeing something like https://www.xn--80ak6aa92e.com/ instead of https://www.аррӏе.com/ (in the status bar, which is hardly noticeable) doesn't harm them either).

[1] http://kb.mozillazine.org/Network.protocol-handler.external-default

[2] http://kb.mozillazine.org/Network.IDN_show_punycode

Attachments (1)

punycode.JPG (25.3 KB) - added by cypherpunks 12 months ago.
show ascii representation in statusbar

Change History (3)

comment:1 in reply to:  description Changed 12 months ago by cypherpunks

Replying to cypherpunks:

it not only prevents users from opening a link by accident but also minimizes the risk of phishing [...], there's still a way left by right-clicking on the link and to just use the context menu).

My mistake, "Search for" and "Open Link in Browser" from the context menu are also disabled.

Last edited 12 months ago by cypherpunks

Changed 12 months ago by cypherpunks

Attachment: punycode.JPG added

show ascii representation in statusbar

comment:2 Changed 4 months ago by sukhbir

Resolution: not a bug
Status: new → closed

network.protocol-handler.external-default is already set to true; from components/torbirdy.js:

  // Warn when an application is to be launched.
  "network.protocol-handler.warn-external.http": true,
  "network.protocol-handler.warn-external.https": true,
  "network.protocol-handler.warn-external.ftp": true,
  "network.protocol-handler.warn-external.file": true,
  "network.protocol-handler.warn-external-default": true,

As far as network.IDN_show_punycode, the default is false, so we are good. Let me know if this doesn't cover everything.
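
The ticket's example link, worked through as an added example (not part of the ticket or of TorBirdy's code): it renders a link's host in the ASCII form shown in the status bar and decodes each xn-- label to show which scripts it contains. The function names inspectLink and punycodeDecode, the three-script list and the use of Node.js's global URL parser are assumptions made for the example.

```javascript
// Added example (not TorBirdy code); inspectLink/punycodeDecode are hypothetical names.
// Decode one Punycode label body (RFC 3492), i.e. the part after "xn--".
function punycodeDecode(input) {
  const out = [];
  const d = input.lastIndexOf("-");
  for (let j = 0; j < d; j++) out.push(input.charCodeAt(j)); // literal ASCII prefix
  let n = 128, i = 0, bias = 72;
  for (let pos = d > 0 ? d + 1 : 0; pos < input.length; ) {
    const oldi = i;
    for (let w = 1, k = 36; ; k += 36) {
      if (pos >= input.length) throw new RangeError("truncated label");
      const c = input.charCodeAt(pos++);
      const digit = c >= 97 ? c - 97 : c - 22; // a-z => 0..25, 0-9 => 26..35
      i += digit * w;
      const t = k <= bias ? 1 : k >= bias + 26 ? 26 : k - bias;
      if (digit < t) break;
      w *= 36 - t;
    }
    const len = out.length + 1;
    // Bias adaptation, as specified in RFC 3492 section 6.1.
    let delta = oldi === 0 ? Math.floor(i / 700) : (i - oldi) >> 1;
    delta += Math.floor(delta / len);
    let k = 0;
    for (; delta > 455; k += 36) delta = Math.floor(delta / 35);
    bias = k + Math.floor((36 * delta) / (delta + 38));
    n += Math.floor(i / len);
    i %= len;
    out.splice(i++, 0, n); // insert code point n at position i
  }
  return String.fromCodePoint(...out);
}

// Report the ASCII (punycode) host of a link and what each xn-- label hides.
function inspectLink(href) {
  let url;
  try { url = new URL(href); } catch { return { href, error: "unparseable" }; }
  const idn = url.hostname.split(".").filter((l) => l.startsWith("xn--")).map((ace) => {
    const unicode = punycodeDecode(ace.slice(4));
    const scripts = ["Latin", "Cyrillic", "Greek"].filter((s) =>
      new RegExp(`\\p{Script=${s}}`, "u").test(unicode));
    return { ace, unicode, scripts };
  });
  return { href, asciiHost: url.hostname, idn, flagged: idn.length > 0 };
}

// Constructed sample input: the ticket's two URLs plus a plain ASCII link.
const SAMPLES = ["https://www.xn--80ak6aa92e.com/",
  "https://www.\u0430\u0440\u0440\u04cf\u0435.com/", "https://www.example.com/"];
for (const href of SAMPLES) console.log(JSON.stringify(inspectLink(href)));
```

A link whose label decodes to a single non-Latin script while visually matching a Latin brand name is the case the ticket's screenshot illustrates; the `scripts` field makes that visible without relying on the rendered glyphs.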
