mirror of https://github.com/hedgedoc/hedgedoc.git synced 2026-07-01 11:45:26 +02:00
HedgeDoc/public/views/link.ejs
Erik Michelson 814271dc0b feat(editor): add external link warning page
A malicious user could modify a valid-looking link (for example of the editor UI)
to point to a malicious site, by using overlays and CSS. Since CSS should stay
enabled, we need to make the user aware of possible risks when leaving the
HedgeDoc instance, in order to protect them from credential-theft.

This commit adds a new interstitial page for external links, that shows the
target URL and asks the user, whether they really want to continue.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2026-06-10 20:15:09 +02:00

41 lines
1.5 KiB
Text

<!DOCTYPE html>
<html lang="en">
<head>
    <%- include('hedgedoc/head') %>
    <link rel="stylesheet" href="<%- serverURL %>/css/center.css">
</head>
<body>
<%- include('hedgedoc/header') %>
<div class="container-fluid text-center">
    <div class="vertical-center-row">
        <h1>
            <% if (valid) { %>
                <%= __('External link') %>
            <% } else { %>
                <%= __('Invalid link') %>
            <% } %>
        </h1>
        <p>
            <%= __('You\'ve clicked a link that points to an external page.') %>
            <br>
            <%= __('The content of that page is unrelated to HedgeDoc. Do not enter your HedgeDoc credentials there.') %>
        </p>
        <% if (valid) { %>
            <p><code class="text-break"><%- targetURL %></code></p>
            <p><%= __('Do you want to continue?') %></p>
            <p>
                <a class="btn btn-primary" href="<%- targetURL %>"><%= __('Continue to external page') %></a>
                <a class="btn btn-default" href="<%- serverURL %>/<%- noteURL %>"><%= __('Back to your note') %></a>
            </p>
        <% } else { %>
            <p class="text-danger"><strong><%= __('The provided link is not a valid URL.') %></strong></p>
            <p>
                <a class="btn btn-default" href="<%- serverURL %>/<%- noteURL %>"><%= __('Back to your note') %></a>
            </p>
        <% } %>
    </div>
</div>
</body>
</html>
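
The template prints `targetURL` with `<%-`, which EJS writes into the page without HTML escaping, so the server has to pass it a value that is already validated and escaped. The following is an added example of one way to build the `valid` and `targetURL` locals; it is not HedgeDoc's controller code, and `buildLinkLocals`, `escapeHtml`, the 2048-character limit and the rejection of URLs with embedded credentials are assumptions of this example.

```javascript
// Added example: hypothetical helper, not HedgeDoc's own controller code.
// It produces the `valid` / `targetURL` locals that link.ejs expects.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:'])

// Minimal HTML escaper. Needed because link.ejs emits targetURL with `<%-`,
// which EJS inserts into the page without escaping.
function escapeHtml (value) {
  return value.replace(/[&<>"']/g, ch => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[ch]))
}

function buildLinkLocals (rawTarget) {
  const invalid = { valid: false, targetURL: '' }
  // Assumed length limit, chosen for this example.
  if (typeof rawTarget !== 'string' || rawTarget.length > 2048) return invalid

  let parsed
  try {
    parsed = new URL(rawTarget) // absolute URLs only; relative input throws
  } catch (err) {
    return invalid
  }

  // Only web schemes: javascript:, data:, file: and the like would make the
  // "Continue" button do something other than navigate to a web page.
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return invalid

  // Stricter choice of this example: "https://trusted@other.host/" displays
  // a misleading prefix, which defeats the purpose of showing the target.
  if (parsed.username || parsed.password) return invalid

  // Use the parser's serialization so the URL shown is the URL that loads.
  return { valid: true, targetURL: escapeHtml(parsed.href) }
}

// Constructed sample inputs (not taken from the page).
for (const sample of ['https://example.org/a?x=1&y=2', 'javascript:alert(1)', 'not a url']) {
  console.log(JSON.stringify(sample), '->', buildLinkLocals(sample))
}
```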