 |
Summary | This theme component adds configurable protection for external links in cooked posts. It applies trust-level–based rules, optional login and information redirects, visual indicators for trusted domains, and a customizable exit confirmation modal. |
 |
Preview | Theme Creator |
 |
Repository | https://github.com/VaperinaDEV/external-link-shield |
 |
Install Guide | How to install a theme or theme component |
 |
New to Discourse Themes? | Beginner’s guide to using Discourse Themes |
Install this theme component
Hello 
I’d like to share a Theme Component that adds fine-grained control over external links in cooked posts, combining:
- trust-level–based access control
- anonymous user protection
- a custom exit confirmation modal
- and visual indicators for trusted vs unknown domains
This component is designed for communities where external links may carry legal, security, or trust implications.
Features
Configurable trust-level rules
All trust-level–based behaviors are fully configurable via theme settings.
You can independently enable or disable:
- anonymous user blocking
- TL0 informational replacement
- TL1 manual reveal requirement
- exit confirmation modal for higher trust levels
This allows the component to adapt to very different community policies, from strict link shielding to minimal user friction.
Trust-level–aware external links
External links behave differently based on the viewer’s trust level:
- Anonymous users
- External links are replaced with a login link or a custom URL defined in the settings.
- TL0
- Links are replaced with a configurable redirect, for example a topic explaining trust levels or any other URL defined in the settings.
- TL1
- Links require manual reveal (click-to-view), then clicking the link shows the exit confirmation modal.
- TL2+
- Links behave normally but always show an exit confirmation modal.
Exit confirmation modal
Before leaving the forum, users see a modal that:
- Clearly states they are leaving the community
- Shows the full destination URL in
<code>tags - Respects the user’s
external_links_in_new_tabpreference
This is especially useful for:
- compliance-heavy communities
- phishing mitigation
- educating less experienced users
Domain-based behavior via settings
The component introduces two theme settings:
internal_domains:
type: list
default: ""
description: "Your forum and CDN domains (e.g., example.com|example-cdn.com). These will have NO icon and NO modal."
excluded_domains:
type: list
default: ""
description: "Trusted external domains (e.g., youtube.com|google.com). These will show a LOCK icon but skip the modal/shielding."
- Internal domains
- Treated as internal → no icon, no modal
- Excluded (trusted) domains
- Show a
lock icon - Skip trust-level gating and the modal
- Show a
- All other external links
- Show an external-link icon
- Are gated and/or confirmed depending on trust level
Visual indicators (SCSS)
Icons are added purely via CSS:
- External unknown links → external-link icon
- Trusted external links → lock icon (success color)
This keeps the DOM clean and avoids JS-based icon injection.
This screenshot shows how the component visually distinguishes between:
- Excluded domains: trusted external links (lock icon, no exit confirmation),
- Internal domains: internal links (no icon, no exit confirmation),
- unknown external links (external-link icon with exit confirmation).
Use cases
This component is useful if you want to:
- Protect users from unsafe or misleading external links
- Educate new users before letting them leave the forum
- Enforce community trust progression
- Add legal / compliance disclaimers without breaking UX
