If I understand, that warning would be shown to anyone who clicks on a link posted by a TL0 user?
What if a TL0 users posts a link to one of our KB articles, or StackOverflow, or Wikipedia? I suppose we could whitelist domains, but it seems like all users are being punished instead of the new user being asked to gain trust.
If that was only shown until moderator review, it could work.
No, it would be global for all TL0 user links outside the main domain. Turning it into a manual URL review queue would be a big jump in complexity and UI.
I agree. Almost would need the ability to turn this off, as for our given instance, links are typical, most go to CodePen, or JSFiddle, SQL Fiddle, etc. Sometimes to the user’s own site because they are trying to work out an issue of some sort. In no way would we want to display such a warning on all TL 0 links that link to external resources.
Even whitelisting would be extremely difficult for our community (unfortunately). So if it could be enabled by default, with the ability to turn it off, that’s be great!
After thinking about it, I have very little enthusiasm for this feature. I view it as borderline useless, a lawyerly way of CYA without any real effect on user behavior. It’s just another meaningless warning that appears all the time on external links that users quickly learn to click past without thinking to get where they want to go.
What would work is a plugin that checks domains server-side against a known blacklist of dangerous domains and warns ONLY when attempting to visit known bad domains.
But then again, this is best done at the browser level not at the website level. So the protection would then be global.
This can be a very good function. Several users have already asked to do this and I was thinking about implementing it with the help of a plugin. If it’s in the core, then it’s very good.
If @erlend_sh wants to add such a plugin to the ENCOURAGEMENT fund, that is up to him. Seems like an OK candidate, provided it only warns on known bad domains as stated above.
Global warn on every outgoing link is very, very bad as you are training users to ignore warnings. So bad.
In the social network Vkontakte, that’s exactly how it is implemented. Transitions to the bad domains open the window. The administration has the option to manually add any domain.
I don’t historically derive much value from that kind of indicator, though. Plus we already mini-onebox internal links, like this… Preventing malicious linking … so we already have a “different” version of links.
Why not rewrite to the HTTPS version? It’s astounding they don’t use an HTTP 301 redirect to HTTPS, but for trusted domains / domains that return a 301 upon Discourse reviewing the post and post content it could work.
Hi all,
I’m really happy to build a plugin for the above mentioned task. I am thinking of using Google Safe Browsing API. I tried some sites with the api. Its giving good results
I’m thinking of two ways of triggering this check. We can either check the url when it’s added and add a flag or else we can check when the url is clicked. But I think the first way is better. What u guys think ?
Adding a flag seems like a better idea as checking everytime someone clicks doesn’t seems very resource friendly.
though adding a warning modal to all the flagged links when clicked seems like a bonus.