I have a custom url protocol handler for urls of the form myhandler://path/to/something. This is registered to a locally installed client application that handles the requests and does "the right thing".
However, when I have a link of that form in outlook (2007), outlook displays a big scary warning that says:
Microsoft office has identified a potential security concern
This location may be unsafe
…Hyperlinks can be harmful to your computer and data. To protect your computer, click only those hyperlinks from trusted sources.
Do you want to continue?
I am aware of the outlook registry key that would enable me to disable these warnings entirely (http://support.microsoft.com/?kbid=925757), but I don't want to be a "bad citizen" on the machine.
Is there some way that I can "whitelist" my url protocol handler to indicate that I have done due security diligence without opening up access to other URL protocol handlers on the machine that might not be hardened to malicious user input?
Outlook does not prompt for URLs of the form http: https: mailto: (and perhaps others). Is this list hardcoded somewhere deep in the bowels of office or is there some way to add my specific protocol to the list?
Best Answer
Looking at how to do this for Outlook 2013, I used @bmadtiger's answer to figure out the path for a registry key to trust a single protocol. For Outlook 2013, the
Policies\Microsoft\Office\15.0\Commonkey does not exist by default, so you have to add it yourself.So, to trust a single protocol, add the following key:
Where
{version}is the internal version of office and{protocol}is the protocol that you want to trust.{version}is14.0{version}is15.0{version}is16.0For example, for Office 2013 and protocol
ttstudio:If you're looking for a registry file to do so, simply paste the following into a
.regfile, changing{version}and{protocol}as necessary, and then execute said registry file: