Feature #1287
closed
Telegram website redirects to add if JavaScript is enabled
Added by Anonymous 6 days ago.
Updated 5 days ago.
Description
Sometimes, when opening links containing registered app protocol (e.g., Telegram), the browser automatically redirects the user to the app to open that link. Changing settings on the Android side does not prevent this behavior, so the feature must be on the browser side. This is extremely important from a privacy standpoint, as a careless redirect to the app could expose the user and lead to serious consequences. I consider this feature to be a high priority and would like to see it implemented as soon as possible.
Files
- Status changed from New to Feedback
- Assignee set to Soren Stoutner
- Priority changed from Next Release to 3.x
Can you provide an example URL where this happens?
Soren Stoutner wrote in #note-1:
Can you provide an example URL where this happens?
Clicking on the link "https://t.me/durov" in Google immediately opens it in the Telegram app, and there is no way to prevent this.
When I click on the link it loads in Privacy Browser just fine (see attached screenshot). Can you please provide a detailed list of steps to reproduce your issue?
Soren Stoutner wrote in #note-3:
Can you please provide a detailed list of steps to reproduce your issue?
Do you have the Telegram app installed? To reproduce this issue, simply Google "t.me/durov" and click on the first link to open it immediately. After clicking, you will be automatically redirected to the Telegram app if you are logged into your account there.
I think this also happens with all installed client apps whose web versions have a similar redirect, but I only have one such app installed — Telegram.
For example, this is a setting in the Vivaldi browser that prevents redirection to apps when opening links.
- Subject changed from Preventing redirection to apps to Telegram website redirects to add if JavaScript is enabled
- Status changed from Feedback to Closed
Below is a link to a video showing how my device behaves (the link will expire after about a month). In the video you will see that I have searched https://google.com for t.me/durov. When I click on the link for https://t.me it loads Telegram's website inside of Privacy Browser. From there, if I want, I can click on the "View in Telegram" button if I desire, which loads tg://resolve?domain=durov, causing the Telegram app to load.
https://nextcloud.stoutner.com/s/QirTstaabbj8kS9
This is Privacy Browser's default behavior. However, if you enable JavaScript for Telegram's website (t.me), then it uses JavaScript to load the tg://resolve?domain=durov URL automatically as soon as the website loads. I suspect that is what you have done, either by enabling JavaScript systemwide, or by enabling it for t.me using Domain Settings.
Disabling JavaScript for t.me should resolve the problem for you. However, if you are still experiencing this problem with JavaScript disabled, please reply and I will reopen the bug.
Also available in: Atom
PDF
