Black/White List for External Pages

To prevent phishing attacks when opening an external page, you can define a black/white list ensuring that a RedirectPage or URL action cannot be redirected to a harmful site.

In the <update.web> section of the settings.xml file, define a <NavigationSecurity> element containing black/white listed pages.

<NavigationSecurity unguardedNavigation="Warning">
	<RegexDictionaryEntry>
		<Key>www.my-good-website.com</Key>
		<Value>Allow</Value>
	</RegexDictionaryEntry>
	<RegexDictionaryEntry>
		<Key>www.areyousure.org</Key>
		<Value>Warning</Value>
	</RegexDictionaryEntry>
	<RegexDictionaryEntry>
		<Key>www.buy-me.com</Key>
		<Value>Deny</Value>
	</RegexDictionaryEntry>
</NavigationSecurity>

Available values:

Allow: The page is opened (in a new tab).
Warning: A prompt asks the user if the page should be opened.
Deny: A message is displayed informing the user that the page can not be opened.

Use the unguardedNavigation attribute to define the default behavior for pages for which no entry exisits.

Note: The black/white list is not applied to external links opened from within records.

Due to its security handling, Google Chrome displays pages flagged with 'Allow' and pages flagged with 'Warning' differently: If you have defined two URL actions both with target e.g. set to _blank, the URL flagged with 'Allow' is opened in a new window, the URL flagged with 'Warning' is opened in a new tab.