in webxdc, allow to open dialog on clicking https: etc.

[adbenitez]

currently, when clicking an https:, geo:, etc. links in an webxdc, nothing happens.

however, this is too strict and eliminates a lot of legitimate usecases, as having an "about" page, a "donate" link - user-entered links in an editor or spreadsheet.

there are lots of ideas around about whitelisting links somehow or even checking the code, after lots of internal discussion, however, it seems fine to show an dialog as

Do you want to open this link?

https://this-is-some-link/?skdhfkh+foo+bar

[ Cancel ]     [ Copy ]  [ Open ]

when targeting this issue,

• add the dialog on opening https: links - show the raw ASCII domains, and not some unicode representation ¹
• whitelist protocols we want to support (for the whitelist check add URL schemes whitelist deltachat-android#4066)
• make sure, the links cannot be opened silently without the dialog being shown

you can use https://github.com/webxdc/webxdc-test is links section for testing, it includes punycode links

counterparts:
deltachat/deltachat-android#4054
deltachat/deltachat-ios#2924

Footnotes

1. showing plain ascii is needed to avoid homograph attack - eg. the "а" in wikipediа.org is not an ASCII-a this kind of stuff is used to trick users. by showing raw ASCII punycode, this is discoverable, wikipediа.org would be shown as xn--wikipedi-86g.org ↩

[WofWca]

the links cannot be opened silently without the dialog being shown

So what's the decision, are we supposed to make an exception and skip the dialog for DC invite links or not? (following the discussion in #5750 (comment)).

[adbenitez]

the links cannot be opened silently without the dialog being shown

So what's the decision, are we supposed to make an exception and skip the dialog for DC invite links or not? (following the discussion in #5750 (comment)).

for invite links we show a dialog as well, the dialog of "do you want to chat with X" that normally appears when user clicks invite links

[WofWca]

Yes, but do we skip the warning dialog before we show the "chat with ...?" dialog (which is text-injectable)?

[adbenitez]

yes, there is no need for double-dialog, people do not read, the link is weird and long already, it could contain any private data in base64 and people will not notice

EDIT: I don't discard the possibility of showing the link and offering to chat with X in the same dialog tho, but two dialogs one after another would be bad, for now I would keep it simple and reuse the existing dialog as android is doing, we can later decide to do different everywhere, anyways no random person can get in contact with you and send malicious app etc.

[r10s]

showing the whole url in a dedicated dialog or in the "chat with..." dialog does not help when the name is setting to smth weird, trying to fool the user (thanks a lot for bringing that up!)

let's just show the "chat with ..." as in android/ios and see in some direct meeting if some further action is needed. if so, it would anyway not only affect desktop

so yes - we want to skip the url-showing for invite links

[WofWca]

I wonder if #3355 has ever actually been fixed (edit: maybe it was fixed but then broken again with an Electron upgrade). I tested 1.44.1 (git: v1.33.0-669-g c878fc7) and the bug is still there, testing with the "Test WebXDC" app. When clicking a mailto: link, the error is the same as on current main,
"Refused to frame '' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.".
This error happens without will-frame-navigate event firing, and setWindowOpenHandler's callback is not invoked. It's only invoked if you Shift or Ctrl + Click the link.
Although what's different it that on current main clicking an https link causes a blank screen whereas on 1.44.1 it just does nothing.

Maybe after all it's gonna be easier to get rid of the wrapper frame.