Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add exit page for external links #1492

Closed
cryptohazard opened this issue Feb 7, 2018 · 5 comments
Closed

Add exit page for external links #1492

cryptohazard opened this issue Feb 7, 2018 · 5 comments
Assignees
@Sekhmet
Labels
feature in progress

Comments

@cryptohazard
Copy link

Hi,

I stumble upon a (minor) security issue that I would like to report you.

Can you give me a email address to share the informations I have?
@Sekhmet
Copy link
Contributor

Sekhmet commented Feb 7, 2018
edited
Loading

You can send me an email at sekhmet(at)busy.org

@cryptohazard
Copy link
Author

Thanks. I just sent you an email.

@busyorg busyorg locked and limited conversation to collaborators Feb 7, 2018
@Sekhmet
Copy link
Contributor

Sekhmet commented Feb 7, 2018

image

cc @bonustrack @jm90m @mynameisek

@bonustrack
Copy link
Contributor

Not a real Busy security issue. But we could help prevent this kind of phishing attack, another idea is to use a modal that say something like "You are going to be redirected to bunny.org/@ned are you sure you want to go there?" when click on an external link.

@jm90m
Copy link
Contributor

jm90m commented Feb 8, 2018

Right now all external links, open up a new tab, I think this was requested before in our #suggestions channel on discord. But yeah we could either open a modal or open a new tab with our redirect confirmation page, and show them the URL, with a button to proceed or not to proceed. When they click the button to not proceed, the new tab can be closed automatically, with window.close()

@Sekhmet Sekhmet self-assigned this Mar 11, 2018
@Sekhmet Sekhmet added this to the v2.5 milestone Mar 11, 2018
@Sekhmet Sekhmet added this to In Progress 🏗 in Workflow Mar 11, 2018
@bonustrack bonustrack modified the milestones: v2.5, v2.6 Apr 7, 2018
@bonustrack bonustrack moved this from In Progress 🏗 to TODO ✅ in Workflow Apr 9, 2018
@bonustrack bonustrack moved this from TODO ✅ to Backlog 💡 in Workflow Apr 9, 2018
@Sekhmet Sekhmet moved this from Backlog 💡 to In Progress 🏗 in Workflow Apr 12, 2018
@Sekhmet Sekhmet moved this from In Progress 🏗 to Ready 👏 in Workflow Apr 13, 2018
@Sekhmet Sekhmet changed the title Report a security issue Add exit page for external links Apr 27, 2018
Workflow automation moved this from Ready 👏 to Sprint 0 May 8, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Sekhmet Sekhmet

Labels
feature in progress
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Sekhmet @jm90m @bonustrack @cryptohazard