Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate the URLs before opening them, prompt user confirmation when opening untrusted domains #2056

Open
3 tasks done
kittaakos opened this issue May 9, 2023 · 0 comments
Open
3 tasks done

Validate the URLs before opening them, prompt user confirmation when opening untrusted domains #2056

kittaakos opened this issue May 9, 2023 · 0 comments
Labels
topic: code Related to content of the project itself topic: security Related to the protection of user data type: enhancement Proposed improvement

Comments

@kittaakos
Copy link
Contributor

Describe the request

This feature request is based on #2027 (review).

External library contributors can specify any meaningful content for a library, including URLs. IDE2 renders these links on the UI, and the URL links are clickable, but IDE2 cannot guarantee anything regarding the links. For example, VS Code asks the user before opening a link not among the trusted domains. It's still possible to open untrusted URLs from Code without user confirmation, though, so it could be better. IDE2 opens every link without asking.

Acceptance criteria:

  • IDE2 should validate the URLs before opening them in the users' default browser.
  • IDE2 should raise a confirmation dialog when opening untrusted (other than arduino.cc) URLs to prevent users from landing on an undesired page.

Describe the current behavior

IDE2 opens any links in the default browser without prompting the user.

Arduino IDE version

2.1.0

Operating system

macOS

Operating system version

12.6.3

Additional context

Related links and best practices:

IDE2 renders these links on the UI, and the URL links are clickable

The Arduino security team has suggested not to render a link on the UI clickable if the URL scheme is not http, https, or mailto.

Suggested pseudo code:

// examples:
// external_url_string = "https://maliciouswebsite/"
// external_url_string = "sftp://1.1.1.1"

...
// in general, i prefer call native parser instead implement regex, i consider it safer and more readable
parsed_url_obj = URL(external_url_string) 

if (parsed_url.protocol == 'https' or parsed_url.protocol == 'http' or parsed_url.protocol == 'mailto'){
    // the URL is acceptable, ask confirmation to user
    OpenConfirmDialog(...,"_blank",callback(...))
} else {
    // render it as not clickable string
}
...

Issue checklist

  • I searched for previous requests in the issue tracker
  • I verified the feature was still missing when using the latest nightly build
  • My request contains all necessary details
@kittaakos kittaakos added type: enhancement Proposed improvement topic: security Related to the protection of user data labels May 9, 2023
@kittaakos kittaakos mentioned this issue May 9, 2023
Merged
4 tasks
@per1234 per1234 added the topic: code Related to content of the project itself label May 11, 2023
@per1234 per1234 changed the title Validate the URLs before opening them in IDE2, prompt user confirmation when opening untrusted domains Validate the URLs before opening them, prompt user confirmation when opening untrusted domains Sep 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
topic: code Related to content of the project itself topic: security Related to the protection of user data type: enhancement Proposed improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kittaakos @per1234