core-agent-linux/qubes.OpenURL at 59b025a652b109f6b6a14d10ad573dc688d80e76 - core-agent-linux - Gitea: Git with a cup of tea

Qubes/core-agent-linux

Marek Marczykowski-Górecki 19921274e1

Implement qubes.OpenURL service instead of wrapping URLs in HTML

This have many advantages:
 - prevent XSS (QubesOS/qubes-issues#1462)
 - use default browser instead of default HTML viewer
 - better qrexec policy control
 - easier to control where are opened files vs URLs

For now allow only http(s):// and ftp:// addresses (especially prevent
file://). But this list can be easily extended.

QubesOS/qubes-issues#1462
Fixes QubesOS/qubes-issues#1487

2016-05-18 01:32:54 +02:00

17 lines

192 B

Bash

Executable File

Raw Blame History

 #!/bin/sh
 read url
 case "$url" in
     http://*|\
     https://*|\
     ftp://*)
         exec qubes-open "$url"
         ;;
     *)
         echo "Invalid URL" >&2
         exit 1
         ;;
 esac