[Security] Add an external link warning
**Is your feature request related to a problem? Please describe.**
Currently there are external links in Decidim, some of which can be entered by the participant users (comments, private messages, profile link, etc.). This can potentially expose the users to phishing attacks in case a malicious user enters a link to a site they control where they have implemented exactly the same layout as the source site. This kind of attempt could trick the user e.g. to enter their password on a site which is no longer the site they assume.
**Describe the solution you'd like**
There should be a special page inside Decidim which warns a user that they are about the leave the site to an external page. The user should be able to click a button to agree that they understand they are leaving the site. Clicking the button should open the actual target URL.
**Describe alternatives you've considered**
Each of these "special" warning pages should have a unique URL in order not to affect how search engines process the links.
The special page should also have the "noindex" meta tag define on them in order to keep these warning pages out from the search indexes.
Additionally, I'd like some sort of a way to control the external links domain "whitelists" which would open without this warning. This could be needed e.g. for the city's own site's which generally do not expose such security issues.
In the attachment, there is an example of such warning page implemented at HackerOne. **Does this issue could impact on users private data?**
Yes, it has a potential positive affect on users' private data, keeping them more secured.
This proposal has been accepted because:
- Reviewed by @product and accepted in the main project
- Developed by Mainio Tech
- Available in release 0.25 via #7397
List of Endorsements
Report inappropriate content
Is this content inappropriate?