Page MenuHome GnuPG

Kleopatra: Remove all external links which would open a browser
Testing, HighPublic

Description

We need to have an option to remove all external links. This has high priority as containing links in the software violates a policy in one deployment of our software.

src/view/welcomewidget.cpp: const QString learnMore = i18nc("%1 is link a wiki article", "You can learn more about this on <a href=\"%1\">Wikipedia</a>.", wikiUrl);
src/view/welcomewidget.cpp: const QString introduction = i18n("Kleopatra is a front-end for the crypto software <a href=\"https://gnupg.org\">GnuPG</a>.");

src/view/pgpcardwidget.cpp: QStringLiteral("<a href=\"%1\">%1</a>").arg(url.toHtmlEscaped()));

src/dialogs/updatenotification.cpp < This can be ignored as GnuPG VS-Desktop handles this differently

And of course the about dialog which contains multiple links.

Event Timeline

aheinecke created this task.

Is the problem links which can be clicked? Or the mere displaying of links? If the former needs to be changed, then removing the Qt::LinksAccessibleByMouse and Qt::LinksAccessibleByKeyboard flags from the textInteractionFlags of QLabel, QTextEdit, QTextBrowser would do it.

Yes I think changing the textinteraction flags for these labels would be fine. But as this is only for one customer we should probably add some config like "no links". I think the about dialog things are more problematic as they come from Frameworks.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing.Jan 27 2022, 4:26 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

I have added a setting which can be used to block URLs with certain schemes.

For example, adding the following lines to kleopatrarc

[Privacy]
BlockedUrlSchemes=http,https,mailto

will effectively block any website links and any mailto-links in the Kleopatra, including every link in the About dialog, the Help->Donate menu entry, the "Launch Bug Report Wizard" button in the Submit Bug Report dialog, etc.

Technically, this is done by setting a custom "do nothing" URL handler via QDesktopServices::setUrlHandler, so that any URLs with a blocked scheme that are opened with QDesktopServices::openUrl are blocked.

URLs that are opened by other means are not covered. For example, the Help button in the configuration dialog opens the KDE Help Center on non-Windows systems with

QProcess::startDetached(QStringLiteral("khelpcenter"), QStringList() << docUrl.toString());

As far as I can see, this is the only location in Kleopatra where an external application not belonging to Kleopatra+GnuPG is started using QProcess.

Wow! That is a great idea. Thanks!