TL;DR
DFINTY plans to
-
Vote to ADOPT proposal 131702
-
Propose a governance upgrade where the restriction of the URL is removed
-
Investigate whether other measures should be added
Context
A proposal can contain a URL field. For security reasons, and since most proposals have been discussed on the forum in the past, the governance canister currently only allows the domain “forum.dfinity.org”. The motion proposal 131702 proposes to remove this restriction.
DFINTY’s vote
DFINITY agrees with the motion and will vote to adopt the proposal.
DFINTY’s proposal
We propose to not restrict the URL at all and plan to submit a proposal to upgrade a version of the governance canister without this restriction. This seems to be in line with the proposal as it mentions “Other solutions could also be very useful and presented to the community by the DFINITY Foundation”.
In addition, we plan to investigate if further actions are needed for security. Although it is challenging to fully prevent users from adding spam or malicious URLs, we plan to check if it makes sense to add some sanitization in the NNS frontend dapp when displaying the links or to add a warning to the NNS frontend dapp when users click on external links.