aboutsummaryrefslogtreecommitdiff
path: root/doc/todo/block_external_links.mdwn
diff options
context:
space:
mode:
Diffstat (limited to 'doc/todo/block_external_links.mdwn')
-rw-r--r--doc/todo/block_external_links.mdwn16
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/todo/block_external_links.mdwn b/doc/todo/block_external_links.mdwn
new file mode 100644
index 000000000..56627653e
--- /dev/null
+++ b/doc/todo/block_external_links.mdwn
@@ -0,0 +1,16 @@
+I'd like the ability to block external links from anonymous users, or from
+untrusted users. This could work by generating the HTML for the new page and
+comparing it to the HTML for the old page, looking for any new `<a>` tags with
+href values that didn't exist in the old page and don't start with the URL of
+the wiki. Comparing the HTML, rather than the input, allows usage with
+various types of input formats, and ensures that a template, shortcut, or some
+new plugin will not bypass the filter.
+
+This would probably benefit from a whitelist of acceptable external URLs.
+
+This may actually form a subset of the general concept of content policies,
+described at [[todo/fileupload]].
+
+--[[JoshTriplett]]
+
+[[wishlist]]
generated by cgit v1.2.3 (git 2.25.4) at 2024-11-05 21:55:59 +0000