BrowserSelect
BrowserSelect copied to clipboard
zumoshi
BrowserSelect should ignore SafeLinks encasement
If a user clicks a link from their mail client, and the URL has been protected by Safelinks (a Microsoft/Outlook feature), the initial domain name within the Safelinks part of the URL triggers the BrowserSelect action, not the true resultant URL. For example, a Safelink-protected link to http://github.com looks like this:
https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgithub.com&data=02%7C01%7Cusername%40outlook.com%7C2b5e1603efa14371c3a708d517e5b5f3%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636441197712681116&sdata=YGsyS8YvhipGv%2B9pGlNU7O1Fp%2F4DMzucGsysjSN7j4A%3D&reserved=0
Can BrowserSelect be set to ignore the encasing Safelinks URL?
so you want browser select to extract the real link from the wrapper?
that would disable the safety feature of outlook which checks for malicious links and warns the user before redirecting if the target link is a spam/phishing/malware distributor website, which is not unlikely given the number of spam emails that are sent nowadays. so i don't want to force this behavior.
also I don't want to add features that are specific to a certain type of URL to the program but I can imagine adding a URL rewrite feature where the user can add rules, to be applied to the URL before opening. a rule for your example would look like:
pattern: *.safelinks.protection.outlook.com action: extract from query value: url
which can then be applied to many links, for example, links in Google search results are also wrap the urls for tracking purposes, for example, github.com is
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwi456Si8IDXAhULfhoKHctABHkQFggk&url=https%3A%2F%2Fgithub.com%2F&usg=AOvVaw38IHvcyBra8HGhmSxvlCGw
we can then create an importable default set of rules including most of the websites that wrap urls and have it as a separate download on the page. this is also in line with 5th item from bottom of the roadmap (display the unshortened version of adf.ly or goo.gl links).
however, it is not a small change so it may take me a while to implant it.
Your point about the actual protection Safelinks offers (and the other actions taken by other types wrappers) is a good one. Would it be possible for BrowserSelect to evaluate which browser to use based on the inside URL, then pass the entire URL including wrapper to that browser? Maybe that is what you meant in your reply. I can understand your wish not to hard-code in specific types of URLs, so I think your idea of using rules to decode things is a good one. Thank you.
Or maybe it would be easier to have an option: ignore the fist occurrence of the following domain names unless they are the only one in the URL: *.outlook.com *.google.com etc.
ignore the first occurrence
I'm not sure how well that would work since it needs to not only extract the URL but also decode it. understanding the original URL, (and by that, i mean parsing the query string) to be able to extract the original URL is a more robust way.
and about your previous question, yes the pattern matching for auto select happens to the rewritten URL if I implant the URL rewriting feature. it will be very flexible such that it can do more than just extracting URLs from a wrapper. for example, you can replace google.* links with google.de if you are in Germany and get links from other Google TLDs. or in case domain of one of your services (e.g. company ticketing) changed but you still click on links from old emails, you can replace the olddomain.com with newdomain.com before opening the link.