newhouse/url-tracking-stripper

strip google redirections

Closed this issue · 5 comments

Google Calendar wraps URLs within events so that they look like:

This should be stripped back to:

Hi @aspiers and thanks for using the extension!

I'm actually seeing the desired behavior (where https://global.gotomeeting.com/join/123456789 is plucked out of the original URL). Are you experiencing something different?

I can tell by a) looking for this extension's icon to light up in the toolbar and then it tells me that it skipped a redirect OR b) right-clicking the google.com URL and selecting "Copy and Clean LInk" and then pasting the cleaned up result.

Are you not experiencing this?

Right-click works but the icon doesn't light up. Having said that, directly clicking it may be stripping it, but I can't tell because when I hover over the URL prior to clicking, it shows the unstripped version. So maybe it's just that the redirect is happening too quickly to notice. N.B. that this is for URLs within event descriptions in Google Calendar. So I guess they might not even be present in the DOM when the page is loaded; only when the calendar event is clicked to show its details.

Thanks for the response. I think that things are working here as far as I can tell. You're right to wonder about the unstripped version being shown while hovering: that's Chrome playing nice with Google and making it look like it's a straightforward-and-direct URL but it's not. It's misleading IMO, and one of the reasons why I think this extension is good.

The extension doesn't do any DOM parsing, but rather uses available APIs (webRequest.onBeforeRequest for navigation intercepts and contextMenu.create.onclick for right-clicks) to know about what the URL is.

Anyways, I think we're good here so I'm going to close this one. I suspect if you turn off this extension and try clicking the link above again, you'll have time to see it pass through google.com before getting to gotomeeting.com before it redirects yet again to some sort of download/install (for me at least)...which is different than if the extension was running.

@newhouse commented on 19 Jul 2018, 18:10 BST:

Thanks for the response. I think that things are working here as far as I can tell.

Yes I think they are, thanks!

You're right to wonder about the unstripped version being shown while hovering: that's Chrome playing nice with Google and making it look like it's a straightforward-and-direct URL but it's not. It's misleading IMO, and one of the reasons why I think this extension is good.

Not sure I fully understand; here it sounds like you are referring to unstripped URLs such as https://www.google.com/url?q=https%3A%2F%2Fglobal.gotomeeting.com%2Fjoin%2F891071189&sa=D&usd=2&usg=AFQjCNFgjU5BBKGtVH0os0w5VGEW5fhmQg "straightforward-and-direct" but I would have instead referred to the stripped version https://global.gotomeeting.com/join/123456789 as straightforward-and-direct.

Naming aside, with the extension disabled or not installed, Chrome's mouseover is showing the URL which it navigates to, so I'm not sure what is misleading about that. If anything, the extension makes the behaviour misleading since when installed and enabled, the mouseover shows the unstripped URL, yet clicking the link will navigate to the stripped version ... but just to be clear I'm certainly not complaining about the extension. I'm guessing the mouseover URL is unaffected because of the implementation only intercepting at click-time, not during page load / render:

The extension doesn't do any DOM parsing, but rather uses available APIs (webRequest.onBeforeRequest for navigation intercepts and contextMenu.create.onclick for right-clicks) to know about what the URL is.

I don't know how easy it would be to achieve, but I think it would definitely be less misleading if the mouseover URL was the exact URL which gets visited when the link is clicked. It's slightly scary to realise that a malware extension could hijack any innocent click and take the user somewhere they really don't want to go. So in the interests of keeping this benign extension as honest and transparent as possible, IMHO it would be worth fixing the mouseover. I can submit a separate issue for that if you want?

Anyways, I think we're good here so I'm going to close this one. I suspect if you turn off this extension and try clicking the link above again, you'll have time to see it pass through google.com before getting to gotomeeting.com

Indeed you were correct about this, so yes it is working :-)

before it redirects yet again to some sort of download/install (for me at least)...which is different than if the extension was running.

I didn't get that second redirect, probably due to some cookies indicating I don't need a download/install. But that's not really relevant here.

Thanks a lot for your responsiveness and help!!

@aspiers commented on 20 Jul 2018, 11:35 BST:

I don't know how easy it would be to achieve, but I think it would definitely be less misleading if the mouseover URL was the exact URL which gets visited when the link is clicked. It's slightly scary to realise that a malware extension could hijack any innocent click and take the user somewhere they really don't want to go. So in the interests of keeping this benign extension as honest and transparent as possible, IMHO it would be worth fixing the mouseover. I can submit a separate issue for that if you want?

Submitted as #68.