start-os
start-os copied to clipboard
Start9Labs
[feat]: Enhanced handling of external links for StartOS
Prerequisites
- [X] I have searched for existing issues that already suggest this feature.
Describe the Feature Request
Currently, in StartOS, external links to outside webservers are opened seamlessly without any user interaction. This can potentially lead to information leakage and security risks. This feature request proposes enhancing the handling of external links to improve user awareness and control over their browsing experience within StartOS.
Describe the Use Case
This feature will enhance security awareness and control for StartOS users when accessing external content while still providing flexibility and convenience.
Describe Preferred Solution
Example Scenario:
- User clicks on an external link.
- A warning popup appears, stating, "You are about to exit StartOS's secure environment and access external content. Proceed with caution."
- The user has the option to continue or cancel.
- If the user chooses to trust the link, they can enable the "Trust {hostname} links from now on" toggle.
- The selected hostname is added to the whitelist.
- In subsequent visits to the trusted domain, the warning popup does not appear.
Describe Alternatives
No response
Anything else?
No response
We include a noreferrer tag on hrefs. They are just visiting a website, no real privacy/security concern
Reopening so you can make a case for this, but I'm not seeing it. What's the worse that can happen in your opinion?
Great to know we use the noreferrer attribute! It is indeed a valuable security practice. In this context, it's crucial to address user awareness, making it clear that they are departing from a controlled environment to an unknown territory. This reassures users and ensures they understand the transition to external, potentially less secure locations.
Will implement an alert to warn the user they are about to leave the safe zone of their startOS UI. They can choos eto not display again.