Make hyperlinks "bust out" of Via

[jon-betts]

When a user clicks on a link (as in an <a href=...) and navigates to a new page they should not remain in Via. The should navigate to the non-Via-prefixed version of the new URL. Links should possibly open in a new tab, too.

It may cut down the opportunities for using us maliciously if we stopped rewriting all links on the page so that you can surf about with us. It seems most of the phishing damage may have been done if you can the first page in front of the user though.

This means that we could only be used to mask one URL of the journey rather than multiple.

[lyzadanger]

This is a powerful idea. I think I take it as accepted wisdom that we must retain the user in our walled-proxy-garden. What if we...didn't?

[seanh]

I believe it's already a requirement for LMS that users can't stay within via while following links:

• Open links in a new tab in the LMS app lms#451
• Get Via HTML running on the new infrastructure via#235

I wonder if this got forgotten in LMS's move from legacy Via to Via HTML?

It looks like legacy Via at least has a via.external_link_mode query param that causes links to open in new tabs, so maybe all we need to do is remove that query param and have the new-tabs behaviour be always-on.

I don't think that will handle other ways of navigating the page though, such as form submissions or JavaScript

[esanzgar]

Removing 'persistence' have been also requested by support.

Could removing 'persistence' allow to simplify the technology stack? Would pywb still be needed?

[jon-betts]

ViaHTML supports via.external_link_mode. Yes pywb would be needed. Rewriting links is one of the easier problems to solve. The main thing any iteration of Via does is inject the client.