"Opening URIs can be insecure" warning appears, but link is still opened. #221255

@foxt


Does this issue occur when all extensions are disabled?: Yes/No

  • VS Code Version: Version: 1.92.0-insider
  • OS Version: macOS 12.7.5

Steps to Reproduce:

  1. In the terminal, run
    • echo -e "\e]8;;spotify://\e\hello\e]8;;" (if you have Spotify installed)
    • echo -e "\e]8;;ical://\e\hello\e]8;;" (on a Mac)
    • echo -e "\e]8;;ms-windows-store://\e\hello\e]8;;" (on Windows)
  2. Click the link in the terminal.
    You will get a popup prompt asking if you want to open the URI, but the URI will also be opened immediately (even if you don't click Allow).

Seems like the check is here:

```ts
if (this._terminalConfigurationService.config.allowedLinkSchemes.indexOf(scheme) === -1) {
	this._notificationService.prompt(Severity.Warning, nls.localize('scheme', 'Opening URIs can be insecure, do you want to allow opening links with the scheme {0}?', scheme), [
		{
			label: nls.localize('allow', 'Allow {0}', scheme),
			run: () => {
				const allowedLinkSchemes = [
					...this._terminalConfigurationService.config.allowedLinkSchemes,
					scheme
				];
				this._configurationService.updateValue(`terminal.integrated.allowedLinkSchemes`, allowedLinkSchemes);
			}
		}
	]);
}
this._openers.get(TerminalBuiltinLinkType.Url)?.open({
	type: TerminalBuiltinLinkType.Url,
	text,
	bufferRange: null!,
	uri: URI.parse(text)
});
```

but it only checks when showing the notification. The link is opened unconditionally.
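
The control flow reported above, reduced to a self-contained model next to a gated variant. This is an added example, not VS Code's code and not the fix that was released; `LinkEnv`, `openLinkBuggy`, `openLinkGated`, `allowScheme` and the sample allowlist are assumptions made for illustration.

```typescript
// Hypothetical model of a terminal link handler (not VS Code source).
interface LinkEnv {
  allowedLinkSchemes: string[]; // stands in for terminal.integrated.allowedLinkSchemes
  prompts: string[];            // schemes the user was asked about
  opened: string[];             // URIs actually handed to the opener
}

// Constructed sample allowlist, not the product's real default.
function newEnv(): LinkEnv {
  return { allowedLinkSchemes: ['file', 'http', 'https'], prompts: [], opened: [] };
}

// Returns the lower-cased URI scheme, or null if the text has no valid scheme.
function schemeOf(uri: string): string | null {
  const i = uri.indexOf(':');
  if (i <= 0) { return null; }
  const s = uri.slice(0, i);
  return /^[a-z][a-z0-9+.-]*$/i.test(s) ? s.toLowerCase() : null;
}

// Same shape as the reported snippet: the allowlist test only decides whether
// a prompt is shown, and the open call sits outside that branch.
function openLinkBuggy(env: LinkEnv, uri: string): void {
  const scheme = schemeOf(uri);
  if (scheme === null) { return; }
  if (env.allowedLinkSchemes.indexOf(scheme) === -1) {
    env.prompts.push(scheme);
  }
  env.opened.push(uri); // reached for every scheme
}

// Gated form: a scheme missing from the allowlist prompts and returns, so
// nothing is opened until the scheme is approved and the link is clicked again.
function openLinkGated(env: LinkEnv, uri: string): void {
  const scheme = schemeOf(uri);
  if (scheme === null) { return; }
  if (env.allowedLinkSchemes.indexOf(scheme) === -1) {
    env.prompts.push(scheme);
    return;
  }
  env.opened.push(uri);
}

// Models the user choosing "Allow {scheme}" on the prompt.
function allowScheme(env: LinkEnv, scheme: string): void {
  env.allowedLinkSchemes = env.allowedLinkSchemes.concat([scheme]);
}
```

A regression test for this class of bug asserts on the opener, not on the prompt: after a click on an unapproved scheme, the list of opened URIs must still be empty.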

Labels: bug (Issue identified by VS Code Team member as probable bug), insiders-released (Patch has been released in VS Code Insiders), terminal-links
