MNT-15613 the customer has requested that we consider allowing clickable links in the share preview page.
Engineering closed the request saying that it would be a security risk to allow links.
Customer believes there would be no new security risk and Support could not show evidence of a security risks.
Things we have looked at:
1) try to understand what previewer we use.
On my 5.1.2 system it seems we use:
2) confirm that pdf.js can do links looking at the project documentation:
3) try to do it using a PDF with links.
a) go to: http://mozilla.github.io/pdf.js/web/viewer.html
b) click on the "Open file" icon
c) upload the attached test.pdf
d) right click on the link
conclusion: it works see attached video "click_preview.mp4"
4) we do not understand what would be the difference in risk between allowing links in the DOM preview and allowing links in othe rparts of Share (wiki, html content)
5) HTML tags in the other part of the product can be white/black listed see