Re: [oss-security] xdg-open bypassing SameSite=Strict

2025-06-25 Thread Gabriel Corona
Hi,

> 1. Introduce an "untrusted" mode or flag in browser CLI tools for
> opening external URLs
> 2. Extend xdg-open to support passing this "untrusted" flag or context
> to the browser
> 3. Modify desktop environments or applications to invoke xdg-open with
> the "untrusted" option when appropri

Re: [oss-security] xdg-open bypassing SameSite=Strict

2025-06-25 Thread Simon McVittie
On Mon, 23 Jun 2025 at 20:59:46 +0900, grape mingijung wrote:
> During discussions with several Linux distro security teams, the following suggestions were raised:
> 1. Introduce an "untrusted" mode or flag in browser CLI tools for opening external URLs
> 2. Extend xdg-open to support passing th

Re: [oss-security] xdg-open bypassing SameSite=Strict

2025-06-24 Thread Lucas Holt
On 6/24/25 4:22 PM, Gabriel Corona wrote:
> As was said by Solar Designer, if a "safe" version is needed, it should probably be the default when going through URI scheme registrations. This is because, as you said, this kind of issue lies in the interaction between several components (URI sources

Re: [oss-security] xdg-open bypassing SameSite=Strict

2025-06-24 Thread Anton Luka Šijanec
Hi!

Simon McVittie wrote on 24 Jun 2025 at 11:43:
> How does this work on other platforms like Windows and macOS?

On Windows, the implementation details are different, but the general "shape" of the API seems like it's the same: the URL handler registers itself with the system by saying "I can h

Re: [oss-security] xdg-open bypassing SameSite=Strict

2025-06-24 Thread grape mingijung
Hello, Thank you again for your continued attention to this topic. With respect to sending SameSite=Strict cookies in CLI-initiated navigations, it seems that different browsers may take slightly different approaches to this issue. Because of that, it’s hard to predict how things will develop goi

Re: [oss-security] xdg-open bypassing SameSite=Strict

2025-06-23 Thread Solar Designer
Hello Mingi Jung,

Thank you for your report and handling of this issue.

On Mon, Jun 23, 2025 at 08:59:46PM +0900, grape mingijung wrote:
> During discussions with several Linux distro security teams, the following
> suggestions were raised:
>
> 1. Introduce an "untrusted" mode or flag in brow
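The mechanics behind the whole thread, as an added illustration that is not code from any of the posters or from xdg-open: a small model of the decision a browser makes when deciding whether to attach a SameSite=Strict, Lax or None cookie, in the shape described by RFC 6265bis and the Sec-Fetch-Site header. The point it makes concrete is that a URL handed to the browser by xdg-open becomes a top-level navigation with no web initiator, which browsers classify like a URL typed into the address bar, so Strict cookies ride along exactly as they would not for a cross-site link. The `untrusted` flag models the proposal quoted above (a hint from xdg-open that the navigation should be treated as cross-site); it, the `site()` heuristic (no public-suffix list) and all names and hostnames are assumptions made for illustration, and the model goes slightly beyond the thread by covering Lax as well.

```javascript
// Added example, not code from the oss-security thread or from xdg-open.
// Models browser cookie attachment for SameSite values; all names are assumed.

// Reduce an origin to its "site": scheme plus registrable domain.
// Assumption: registrable domain == last two labels (no public-suffix list).
function site(origin) {
  const u = new URL(origin);
  const labels = u.hostname.split('.');
  return `${u.protocol}//${labels.slice(-2).join('.')}`;
}

// Classify a request relative to its initiator, as Sec-Fetch-Site does.
// initiator === null models a navigation with no web initiator: address bar,
// bookmark, or an external program such as xdg-open handing over a URL.
function fetchSite(initiator, target) {
  if (initiator === null) return 'none';
  return site(initiator) === site(target) ? 'same-site' : 'cross-site';
}

// Decide whether a cookie carrying the given SameSite attribute is attached.
// request: { initiator, target, method, topLevel, untrusted }
//   untrusted (hypothetical) models the thread's proposed flag: force a
//   navigation that has no web initiator to be treated as cross-site.
function cookieAttached(sameSite, request) {
  let rel = fetchSite(request.initiator, request.target);
  if (rel === 'none' && request.untrusted) rel = 'cross-site';
  switch (sameSite) {
    case 'None':
      return true; // also requires Secure; not modelled here
    case 'Strict':
      return rel !== 'cross-site';
    case 'Lax':
      if (rel !== 'cross-site') return true;
      // Lax: cross-site only on top-level navigations with a safe method
      // (the "Lax+POST" 2-minute exception some browsers apply is omitted).
      return request.topLevel &&
        ['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(request.method);
    default:
      throw new Error(`unknown SameSite value ${sameSite}`);
  }
}

// Scenario builders (constructed inputs).
// A URL delivered to the browser by xdg-open: top-level GET, no initiator.
function xdgOpenNavigation(targetUrl, untrusted = false) {
  return { initiator: null, target: targetUrl, method: 'GET',
           topLevel: true, untrusted };
}
// The same URL reached by clicking a link on an attacker-controlled page.
function crossSiteLink(fromOrigin, targetUrl, method = 'GET') {
  return { initiator: fromOrigin, target: targetUrl, method,
           topLevel: true, untrusted: false };
}

// Side-by-side summary for one target URL; returns the decisions so they can
// be inspected rather than only printed.
function compare(targetUrl) {
  const attacker = 'https://attacker.example';
  return {
    viaXdgOpen:          cookieAttached('Strict', xdgOpenNavigation(targetUrl)),
    viaXdgOpenUntrusted: cookieAttached('Strict', xdgOpenNavigation(targetUrl, true)),
    viaCrossSiteLink:    cookieAttached('Strict', crossSiteLink(attacker, targetUrl)),
  };
}

console.log(compare('https://bank.example/transfer?to=mallory'));
```

Read the three booleans together: the cross-site link is blocked by Strict, the xdg-open navigation is not, and only the hypothetical untrusted hint closes the gap. That is why the thread converges on plumbing a flag from the URI-scheme registration through xdg-open to the browser rather than fixing any one component in isolation.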