Allow some configuration option to prevent offsite links

[powrsurg]

Observed behavior

Users can click on links in places like the Usage and Privacy section and get access to the outside internet.

This can be problematic for organizations such as correctional facilities that want to lock down access as a security measure. In an ideal world for them there would not even be links to an outside system.

This is a feature request I do not know how to label things here (if I can).

Expected behavior

When a configuration option is set then any offsite link would be removed by replacing the href value with "#" and any potential target value would be set to the current page, rather than "_blank".

User-facing consequences

For learners they would not be able to access the outside world.

Context

Browser

[rtibbles]

Hi @powrsurg - thanks for the issue. We've been considering this issue for other links that we sometimes expose, and definitely think that migrating as much as possible to be encapsulated is ideal. We'll take a look into this and see what makes the most sense!

[powrsurg]

I want to say thank you for at least considering this.

Just to be clear, the most obvious spot we had found that had an offsite link was in the Privacy Policy linking to https://learningequality.org/ -- that is something I understand why it's being done, but is problematic for organizations as described previously. I can assume it is done in other scenarios as well.