Limit protocols that are allowed in links

[Nutomic]

For example, I can post the following link which opens the Steam settings if Steam is installed. I am sure there are some protocols that can do much worse. Firefox shows a confirmation dialog before doing anything, but we shouldnt rely on this.

steam://browsemedia

---

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[NicolasCARPi]

So what would be the whitelist?

• https
• http (<- actually not allowing http link would be an interesting take, be the web is not there yet, or maybe it could be blocked by default and admin could allow it if they wish, or the other way around)
• (s)ftp
• gopher
• magnet ?

[ptman]

• mailto ?
• ssh ?
• matrix ? MSC2312: Matrix URI scheme proposal matrix-org/matrix-spec-proposals#2312
• git ?
• ipfs ?
• sip ?
• tel ?
• spotify ?
• vnc ?
• webcal ?

https://en.wikipedia.org/wiki/List_of_URI_schemes

[MayeulC]

Perhaps this is what you are looking for? I'd suggest going with the "permanently" registered schemes first :)

Notably, a few that haven't been listed here: mumble, geo, h323, hyper.

[Nutomic]

Basically the idea is not to allow protocols that are insecure in some way (or could have an unintended effect when opened). Or only allow "secure" protocols, whatever that means exactly.