Policy for opening url links in documents
Pavel Sanda
sanda at lyx.org
Wed Aug 16 14:35:46 UTC 2023
Hi,
as a part of #12878 Stephan raised a question to what degree should we allow
opening external links which are part of citation in the document (or rather
part of .bib file).
Currently we allow opening links stored in the "url" field of bibtex entry or
files stored in "file" field by entry in the context menu; what's worse we
don't show the link, so one can not check url itself - malevolent url can be
provided (e.g. attacker web site, or maybe url scheme trying to execute some
local stuff).
(We also allow similar thing for hyperlink insets, but we at least show
the target in caption of the inset.)
Now what are your opinions what we should do about it?
1) nothing.
2) add dialog before launching url. safer but super annoying.
3) add dialog before launching url + dont ask again checkbox.
not implemented - we'll also need to add session keys, which
get erased often.
4) add link target to context menu (non trivial to implement)
5) add (by default disabled) checkbox in security preference to allow
opening links for citations and hyperlinks similarly as we do with
scripts.
6) ?
I tend to go for 5, but there might be other options I did not think of...
Pavel
More information about the lyx-devel
mailing list