I am currently developping a webapp using Powerapps for a company as an intern. The application is doing great but still has a big security issue with it... external links.
As the title implies, I'm using Chrome kiosk mode (--kiosk) to display my app, as its used on a big touchscreen which can be used by anyone from the company passing by, to display PDF files when you select them from a SharePoint List.
Quick precision if that matters at all : The computer is setup so it automatically starts (via WinLogon\Shell) on Chrome instead of Explorer.
Problem being, some PDF files have external links in them, which will open a new tab within the kiosk mode, and making it impossible to go back to the application without connecting a keyboard.
Blocking IPs using host-rules wouldn't work as it still launches a new tab but blocks the content... I also can't use add-ons to block links as I need admin rights to do so.
I found out later that using "--app" in addition to "--kiosk" makes it so clicking on a link opens a new window instead of a new tab, which might help find other solutions, but I don't have it active on the big screen as I need an administrator to change this kind of settings.
I also noticed that, the previous application (which was a ".exe" I didn't developp and was doing poorly) couldn't open links, or at least didn't display them. My two theories on this is either the app was always displayed on top, or changing the WinLogon\Shell to the executable made it impossible for it to start a browser without Windows Explorer opened.
These theories made me think about solutions such as forcing focus on the application tab/window (just like when you press ctrl+leftclick on a link), but I couldn't find a solution for this.
So that's everything I could gather for this one single specific problem, if anyone has any more ideas and/or suggestions I'd love to hear them.
PS:Sorry if sometimes my grammar is bad/I don't use correct wording, not a native english speaker
