-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
data-saferedirecturl defeats URL stripping #69
Comments
Also worth noting that this creates the exact opposite effect of the problem described in #68: the stripped URL is shown on mouse-over, but the hijacked URL is actually used on click. |
@cameronrcraig commented on 22 Aug 2018, 19:43 BST:
I was already aware of that rule, but it doesn't work for me in Gmail at least, most likely because the extension doesn't consider
It definitely is, otherwise I would not have seen Gmail hijacking my links.
Thanks for sharing! Please could you start submitting pull requests for these changes one by one, so that we can all work together as a community on building the best possible single unified codebase? (Please don't submit 11 commits in a single PR, since that would significantly complicate and slow down the review process, due to mixing non-controversial changes with potentially controversial ones, and for other reasons.) |
Hi everyone, a bit to unpack here. @aspiers: regarding the original issue filed here, the extension should handle and skip such redirects that you mention. If it is not doing it for you, then it might be a bug. One thing I noticed in your example is that you use So, when you say
can you elaborate? What happens for you and why do you think it doesn't work? Can you provide some more details about an example of when it didn't work and you thought it should? For me the extension does skip those redirects when I click on links in my Gmail, so I'm not sure what you're experiencing. I can tell by either 1) clicking on a link in gmail and then the extension's icon will indicate to me that it's skipped a redirect or 2) paste a link from a Also while this snippet here is accurate
...it is-not / would-not be responsible for handling (or not handling) the redirects that you're talking about. The extension does not go all over your webpages and replace redirects and tracking parameters in every So, at this point I'm going to assume that the extension is working as it should and close this issue. Please feel free to open this as a bug if you still believe after having another look that something's wrong. @cameronrcraig I would definitely welcome any pull requests for things that you think would be universally desirable for users! |
Backing up @cameronrcraig .. I am looking for a plugin specifically to disable I'm not in a position to help with a PR, but would be happy to support development of this feature. EDIT: I'll just use Cameron's version until the code is pulled in to master. Also, I'm happy to help break up PR #71 in to more manageable PRs |
I wonder what this PR was supposed to do? What I see, when using the official branch, is that an email from github which I receive in gmail's webmail is still wrapped in a It's only when I'm on the github site that the URL Tracking Stripper extension claims to have helped (It hasn't) and offers to "Reload with full URL".. (Nothing was skipped here) |
TLDR: It does skip Google and does not pass through its servers. Please let me know if you can show otherwise and how to reproduce it, and I will certainly investigate @YesThatAllen. This will be the last time I comment on this thread. If there still turns out to be some issue, please open another ticket as this one has gotten quite useless. Details:
|
Thanks for this @newhouse. Yes, I've confirmed what you said (more below). I was seeing the google URLs in the address bar, and the rest of the comments here added to the confusion, leading me to think that the google URL was still being visited. (Github allows comments to be dismissed as "resolved" which may help future visitors. To confirm, I set my hosts file for I pasted a redirect URL in an incognito window, and they failed to load. So, yes, this plugin is stifling the Very nice 👏 |
Yeah thanks a lot @newhouse for your patience and very informative replies, and sorry for the late reply.
This is what confused me, and based on the above clearly I wasn't the only one. If there is a way to prevent that from appearing then it would prevent others being similarly confused in the future. But I appreciate that from a technical standpoint that might be very difficult or even impossible to achieve. Maybe instead it would be possible to briefly flash something up showing that the redirect was intercepted and skipped?
Thanks for the image showing this (especially considering I don't have Flash installed so can't view the videos). How did you manage to get that request and redirect response appearing in the Network tab of Chrome's inspector? When I clicked a link in my gmail which has this redirect, I only see a single HTTP POST to https://mail.google.com/sync/u/0/i/s?hl=en-GB&c=32 which gets a 200 response. Just one other loose end to tie up: @newhouse commented on 28 Aug 2018, 15:23 BST:
I'm not sure but I suspect I accidentally removed the https:// protocol when I anonymising the target URL. At least, all the gmail redirects I'm looking at now do include the protocol ( Thanks again! |
View Re-login and retrieve your pending messages. |
If a email mailing list sent me a link but I dont want them to know I clicked the link, is there anyway to find where it redirects to without them tracking my click? |
I see that Gmail are doing something really evil with hyperlinks within emails:
This is also described here:
I really don't want google tracking which links I click on. I'm sure Google would claim that they're doing the user a favour by hiding referrer data from the target web server, but only because they're stealing that data for themselves!
So I think it would be great if this project stripped these
data-saferedirecturl
links.The text was updated successfully, but these errors were encountered: