Opened 2 years ago

Closed 17 months ago

#22975 closed enhancement (not a bug)

Make it harder for users to open links

Reported by: cypherpunks Owned by: sukhbir
Priority: Medium Milestone:
Component: Applications/TorBirdy Version:
Severity: Minor Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Maybe it's a good idea to disable clickable links by setting
network.protocol-handler.external-default [1], it not just prevents users to open a link by accident but also minimizes the risk of phishing (hopefully most Thunderbird users don't just copy paste them, for people who insists on opening links, there's still a way left by right-clicking on the link and to just use the context menu). Additionally, it might be useful to disable punycode (network.IDN_show_punycode [2]), if disabled the ascii link is visible in the status bar (probably most users type the url or copy/paste it by using their password manager, but seeing something like https://www.xn--80ak6aa92e.com/ instead of https://www.аррӏе.com/ (in the status bar, what's hardly notable) doesn't harm them either)

[1] http://kb.mozillazine.org/Network.protocol-handler.external-default

[2] http://kb.mozillazine.org/Network.IDN_show_punycode

Child Tickets

Attachments (1)

punycode.JPG (25.3 KB) - added by cypherpunks 2 years ago.
show ascii representation in statusbar

Download all attachments as: .zip

Change History (3)

comment:1 in reply to:  description Changed 2 years ago by cypherpunks

Replying to cypherpunks:

network.protocol-handler.external-default [1], it not just prevents users to open a link by accident but also minimizes the risk of phishing (hopefully most Thunderbird users don't just copy paste them, for people who insists on opening links, there's still a way left by right-clicking on the link and to just use the context menu).

My mistake, Search for and Open Link in Brwoser from the context menu is also disabled.

Version 0, edited 2 years ago by cypherpunks (next)

Changed 2 years ago by cypherpunks

Attachment: punycode.JPG added

show ascii representation in statusbar

comment:2 Changed 17 months ago by sukhbir

Resolution: not a bug
Status: newclosed

network.protocol-handler.external-default is already to set to true; from components/torbirdy.js:

  // Warn when an application is to be launched.
  "network.protocol-handler.warn-external.http": true,
  "network.protocol-handler.warn-external.https": true,
  "network.protocol-handler.warn-external.ftp": true,
  "network.protocol-handler.warn-external.file": true,
  "network.protocol-handler.warn-external-default": true,

As far as network.IDN_show_punycode, the default is false, so we are good. Let me know if this doesn't cover everything.

Note: See TracTickets for help on using tickets.