Black/White List for External Pages
To prevent phishing attacks when opening an external page, you can define a black/white
list ensuring that a RedirectPage
or URL
action cannot be
redirected to a harmful site.
In the
<update.web>
section of the settings.xml
file, define a <NavigationSecurity>
element containing black/white
listed
pages.<NavigationSecurity unguardedNavigation="Warning">
<RegexDictionaryEntry>
<Key>www.my-good-website.com</Key>
<Value>Allow</Value>
</RegexDictionaryEntry>
<RegexDictionaryEntry>
<Key>www.areyousure.org</Key>
<Value>Warning</Value>
</RegexDictionaryEntry>
<RegexDictionaryEntry>
<Key>www.buy-me.com</Key>
<Value>Deny</Value>
</RegexDictionaryEntry>
</NavigationSecurity>
Available values:
- Allow: The page is opened (in a new tab).
- Warning: A prompt asks the user if the page should be opened.
- Deny: A message is displayed informing the user that the page can not be opened.
Use the unguardedNavigation
attribute to define the default behavior for
pages for which no entry exisits.
Note: The black/white list is not applied to external links opened from within
records.
Due to its security handling, Google Chrome displays pages flagged with
'Allow' and pages flagged with 'Warning' differently: If you have defined two URL
actions both with target e.g. set to _blank
, the URL flagged with
'Allow' is opened in a new window, the URL flagged with 'Warning' is opened in a new
tab.