DFINITY’s vote on proposal 131702 to allow more domains for proposal URLs

TL;DR

DFINTY plans to

  • Vote to ADOPT proposal 131702

  • Propose a governance upgrade where the restriction of the URL is removed

  • Investigate whether other measures should be added

Context

A proposal can contain a URL field. For security reasons, and since most proposals have been discussed on the forum in the past, the governance canister currently only allows the domain “forum.dfinity.org”. The motion proposal 131702 proposes to remove this restriction.

DFINTY’s vote

DFINITY agrees with the motion and will vote to adopt the proposal.

DFINTY’s proposal

We propose to not restrict the URL at all and plan to submit a proposal to upgrade a version of the governance canister without this restriction. This seems to be in line with the proposal as it mentions “Other solutions could also be very useful and presented to the community by the DFINITY Foundation”.

In addition, we plan to investigate if further actions are needed for security. Although it is challenging to fully prevent users from adding spam or malicious URLs, we plan to check if it makes sense to add some sanitization in the NNS frontend dapp when displaying the links or to add a warning to the NNS frontend dapp when users click on external links.

2 Likes

Cool.

(By the way, if someone from the team wants to answer my somehow related open question from last week: TransferSnsTreasuryFunds: What URL?)

Shouldn’t it rather be sanitized by the NNS Governance backend? Feels like it would make sense to sanitize inputs like http://, <script>, or base64 in the backend otherwise any clients have too. I am happy to implement a sanitizer in my proposals.networks frontend, but it’s cool if the data is sanitized by default.

1 Like

I agree it should be sanitized in the backend.

Technicality speaking sanitizing in the frontend on rendering (not input obviously) does work but that would put any 3rd party frontend at risk.

I assume the links wouldn’t be HTML but just a valid URL so no in depth sanitizing is needed, but you’d at least want to make sure the protocol is limited, javascript:alert("hello") would be a bad url :sweat_smile:

1 Like

Well done @krzysztofzelazko. Your proposal is not only successful, but it has a high probability of being implemented in a reasonable timeframe. That’s pretty cool.

1 Like