Page MenuHome GnuPG
Create Task
Maniphest T5777

Kleopatra: Remove all external links which would open a browser
Testing, HighPublic
Actions

Description

We need to have an option to remove all external links. This has high priority as containing links in the software violates a policy in one deployment of our software.

src/view/welcomewidget.cpp: const QString learnMore = i18nc("%1 is link a wiki article", "You can learn more about this on <a href=\"%1\">Wikipedia</a>.", wikiUrl);
src/view/welcomewidget.cpp: const QString introduction = i18n("Kleopatra is a front-end for the crypto software <a href=\"https://gnupg.org\">GnuPG</a>.");

src/view/pgpcardwidget.cpp: QStringLiteral("<a href=\"%1\">%1</a>").arg(url.toHtmlEscaped()));

src/dialogs/updatenotification.cpp < This can be ignored as GnuPG VS-Desktop handles this differently

And of course the about dialog which contains multiple links.

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRAd55483bbea6b Add message box in case an URL open is prohibited
rKLEOPATRA333fe62582a9 Allow URLs with certain schemes to be blocked by Kleopatra

Event Timeline

aheinecke triaged this task as High priority.Jan 14 2022, 8:56 AM
aheinecke created this task.
ikloecker added a subscriber: ikloecker.Jan 14 2022, 9:56 AM

Is the problem links which can be clicked? Or the mere displaying of links? If the former needs to be changed, then removing the Qt::LinksAccessibleByMouse and Qt::LinksAccessibleByKeyboard flags from the textInteractionFlags of QLabel, QTextEdit, QTextBrowser would do it.

aheinecke added a comment.Jan 14 2022, 9:59 AM

Yes I think changing the textinteraction flags for these labels would be fine. But as this is only for one customer we should probably add some config like "no links". I think the about dialog things are more problematic as they come from Frameworks.

ikloecker claimed this task.Jan 27 2022, 10:47 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a commit: rKLEOPATRA333fe62582a9: Allow URLs with certain schemes to be blocked by Kleopatra.Jan 27 2022, 4:06 PM
ikloecker changed the task status from Open to Testing.Jan 27 2022, 4:26 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

I have added a setting which can be used to block URLs with certain schemes.

For example, adding the following lines to kleopatrarc

[Privacy]
BlockedUrlSchemes=http,https,mailto

will effectively block any website links and any mailto-links in the Kleopatra, including every link in the About dialog, the Help->Donate menu entry, the "Launch Bug Report Wizard" button in the Submit Bug Report dialog, etc.

Technically, this is done by setting a custom "do nothing" URL handler via QDesktopServices::setUrlHandler, so that any URLs with a blocked scheme that are opened with QDesktopServices::openUrl are blocked.

URLs that are opened by other means are not covered. For example, the Help button in the configuration dialog opens the KDE Help Center on non-Windows systems with

QProcess::startDetached(QStringLiteral("khelpcenter"), QStringList() << docUrl.toString());

As far as I can see, this is the only location in Kleopatra where an external application not belonging to Kleopatra+GnuPG is started using QProcess.

aheinecke added a comment.Jan 28 2022, 9:03 AM

Wow! That is a great idea. Thanks!

aheinecke added a commit: rKLEOPATRAd55483bbea6b: Add message box in case an URL open is prohibited.Feb 7 2022, 9:12 AM