-
Notifications
You must be signed in to change notification settings - Fork 28.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open sponsor link should ask user if they want to open an external URL #150828
Comments
I use
But, it seems the trusted domains validator is not showing the dialog Assigning to @sbatten because I assume the workspace trust change might have broken this
|
This was introduced via #124325 by @JacksonKearl. The logic is that the workspace is trusted and therefore we don't need to prompt, but I'm not sure we considered extension provided links. |
Yes, that assumption might be flawed. @sbatten what do you suggest we do here? |
an option to the opener service was what I was originally thinking. I would expect it to be opt-in (i.e. you have to say you want to rely on workspace trust) otherwise by default, the link prompts. This would likely lead to a few cases where you are prompted erroneously, but its safer than the alternative. I'm not sure if the option makes sense on the opener service though, so I defer to that knowledge. |
Good idea. I like that by default we show the dialog if the domain is not trusted. One can override that if they depend on workspace trust. |
Is it possible to get this into this milestone? |
This idea works for me. |
Oh wrong May haha |
I suggest that this change is done by someone on the workspace trust team because the motivation for the change in the first place comes from you and you know best how you want to treat trust and link opening I would say. I can review the change though. |
I see 3 parts here:
I can do 2 and update 1 if that's a reasonable property on the openerservice api |
sorry I didn't get to this in June, will tackle next week |
* pipe workspace boolean for opener service validator fixes #150828 * add fromWorkspace to notebook backlayer webview
Testing #150748
I would have expected that VS Code would ask me if I am sure I want to open an external link.
I think we should just re-use the service that @rzhao271 introduced
The text was updated successfully, but these errors were encountered: