Link preview / protection in workbench

[octref]

With Markdown support in HTML/CSS extensions, users would see links going to external websites such as https://developer.mozilla.org/en-US/ and https://www.w3.org/. When displaying these links, we need to protect users as we don't control the linked websites.

Previous proposal. After you click link:

Notification asks you to whitelist domains:

After that, a setting would be written to css.whiteListDomains. Next time you click open that link, it opens in browser directly.

We had some concerns this complicates a simple link opening. Here's my alternative proposal:

This applies to JS/TS as well:

For command links (GitLens), this would also give more context as to what command would be run. Maybe we can truncate the command to only show command but not its args.

[octref]

/cc @aeschli Since you didn't like the notification either.

[jrieken]

For external links, can’t we copy what websites like wikipedia do and add an ‘external’ icon to the text. Like so:

For command links (GitLens), this would also give more context as to what command would be run. Maybe we can truncate the command to only show command but not its args.

Strong disagree. I think that would ruin the command link experience. Also, I don't understand how command links (which only work when markdown content is marked as trusted) are the same problem as external websites.

[octref]

@jrieken Would showing the link preview only for http/https links work for you?

We discussed about showing just an icon. It's a good idea and we can even show icons of different colors depending on scheme (http, command, etc). But it doesn't reveal the link and some of us feel we should make sure link location is shown before user can click (explicit consent & assume the risk).

I can bring this up in next week's UX review.

[jrieken]

Would showing the link preview only for http/https links work for you?

Yeah, foremost I think this should only be done for http/https links, not for file- or command-links. I don't think colors help because in contrast to said icons, there is no well-accepted color metaphor for external links.

Instead of showing this so prominent, wouldn't it be enough to show its href as title/hover thing? That what I would have accepted...

[octref]

Currently if you hover over it for 3 seconds there's the default tooltip over the link.

We could override it to show a quicker, themed tooltip.

Instead of showing this so prominent

I'll prepare some alternatives that make this less prominent for next UX meeting.

[jrieken]

Currently if you hover over it for 3 seconds there's the default tooltip over the link.

Which is what I am used to tbh