Open
We are getting a sufficient number of LLM-generated security reports telling us that Ctrl+click and a tooltip are insufficient protection from users clicking on links to dangerous things.

This commit displays a warning that prevents users from blindly clicking on dangerous things.

Dangerous things include:

- any non-http and non-https and non-file URLs
- any file URLs that point to something understandable as a "program" (so, something which resides in `PATHEXT`.)

In doing this, I learned that `til::ends_with_insensitive_ascii` was broken.

I also learned that ContentDialogs summoned by any event handler out of TermControl::Pointer* would lose focus immediately. It turns out that in the absolute earliest days of Terminal, when we first created the UserControl that became TermControl, we added our Tapped event handler. It unconditionally focused the control. Since `Tapped` is a higher-level event handler than `PointerPressed`, it was firing after the gesture that opened the content dialog and stealing focus back.

I'm fairly certain we don't need it.

Refs #7562
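The classification rule from the description above, as an added example (not code from this pull request or from Windows Terminal). The names `needs_warning` and `ends_with_ci` and the sample `PATHEXT` value are assumptions, and the input is assumed to be an already-normalized URI string.

```cpp
#include <algorithm>
#include <initializer_list>
#include <iostream>
#include <string>
#include <string_view>

// ASCII-only lowercase, so the result does not depend on the process locale.
static char lower_ascii(char c) { return (c >= 'A' && c <= 'Z') ? char(c + 32) : c; }

// Case-insensitive ASCII suffix test (hypothetical helper, not til's implementation).
static bool ends_with_ci(std::string_view s, std::string_view suffix)
{
    if (suffix.empty() || suffix.size() > s.size()) return false;
    s.remove_prefix(s.size() - suffix.size());
    return std::equal(s.begin(), s.end(), suffix.begin(),
                      [](char a, char b) { return lower_ascii(a) == lower_ascii(b); });
}

// Returns true when a confirmation should be shown before opening `uri`.
// `pathext` is a semicolon-separated list in the format of the PATHEXT variable.
bool needs_warning(std::string_view uri, std::string_view pathext)
{
    const auto colon = uri.find(':');
    if (colon == std::string_view::npos || colon == 0) return true; // no scheme: warn
    std::string scheme(uri.substr(0, colon));
    std::transform(scheme.begin(), scheme.end(), scheme.begin(), lower_ascii);
    if (scheme == "http" || scheme == "https") return false;
    if (scheme != "file") return true; // any other scheme goes to some registered handler

    // file: URL. Compare only the path, dropping any ?query or #fragment.
    std::string_view path = uri.substr(colon + 1);
    path = path.substr(0, path.find_first_of("?#"));
    while (!pathext.empty())
    {
        const auto semi = pathext.find(';');
        if (ends_with_ci(path, pathext.substr(0, semi))) return true;
        pathext = (semi == std::string_view::npos) ? std::string_view{} : pathext.substr(semi + 1);
    }
    return false;
}

int main()
{
    const std::string_view pathext = ".COM;.EXE;.BAT;.CMD"; // constructed sample value
    for (std::string_view u : { "https://example.com/", "mailto:user@example.com", "file:///C:/tools/run.ExE" })
        std::cout << u << " -> " << (needs_warning(u, pathext) ? "warn" : "open") << '\n';
}
```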
DHowett
commented
Apr 3, 2026
| <value>This link type is currently not supported:</value> | ||
| </data> | ||
| <data name="CouldNotOpenUriDialog.PrimaryButtonText" xml:space="preserve"> | ||
| <data name="UriErrorDialog.CloseButtonText" xml:space="preserve"> |
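Review bot: at the renamed `<data>` key (`CouldNotOpenUriDialog.PrimaryButtonText` to `UriErrorDialog.CloseButtonText`), check that every other `CouldNotOpenUriDialog.*` entry and the dialog's `x:Uid` in XAML moved to the `UriErrorDialog` prefix as well. An entry left on the old prefix would no longer be applied to the dialog, and nothing in the build flags that, so a search for the old prefix across the resource files is worth doing before merge.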
Member
Author
I had to rename the dialog because of some business about xaml UIDs causing the wrong resources to be loaded when I changed the Cancel button from being the "Primary" button to correctly being the "Close" button.
DHowett
commented
Apr 3, 2026
| <value>Cancel</value> | ||
| </data> | ||
| <data name="UnsafeUrlConfirmText" xml:space="preserve"> | ||
| <value>This link may lead to an unsafe location. Hyperlinks can be harmful to your computer and data. To protect your computer, only click links from trusted sources.</value> |
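Review bot: the `UnsafeUrlConfirmText` value has no placeholder for the link target, so this string on its own does not tell the user what is about to be opened. Make sure the dialog renders the full URI alongside it, and consider adding a `<comment>` to the entry, if there is not one already, so translators know this is a security confirmation prompt.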
Member
Author
This messaging was used in Notepad. I do not recommend fighting it.