When using the Codex extension in Visual Studio Code, the extension opens external websites without the user consent prompt/confirmation flow I observe with the Copilot extension. This appears to bypass expected external-link protection behavior and increases the risk of drive-by navigation to attacker-controlled sites.
Clarification: A prompt/UI element may appear, but it does not actually restrict navigation - VSCode still opens the link without requiring explicit consent.
Steps to reproduce
- Install Visual Studio Code and the Codex extension.
- Configure/sign in to Codex as required.
- Prompt something so that the output shows hyperlinks.
- Click a link rendered in Codex output.
- Observe: a prompt/UI may appear, but the external website still opens without requiring explicit user confirmation/consent.
- Repeat the same scenario with GitHub Copilot (or Copilot Chat) under the same VS Code settings.
- Observe: Copilot requires explicit consent / blocks / properly gates external navigation.
Environment
- VSCode Version: 1.109.5
- Commit: 072586267e68ece9a47aa43f8c108e0dcbf44622
- Date: 2026-02-19T19:43:32.382Z
- Electron: 39.3.0
- ElectronBuildId: 13313481
- Chromium: 142.0.7444.265
- Node.js: 22.21.1
- V8: 14.2.231.22-electron.0
- OS: Darwin arm64 25.3.0
- Codex Version: 0.4.76
Suggested Fix / Mitigations
- Add a hard consent gate: do not open external URLs until the user explicitly approves (e.g., an "Open" button).
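As an added illustration (not the Codex extension's code), the gate above written against a small `LinkUi` interface that stands in for `vscode.window.showWarningMessage({ modal: true })` and `vscode.env.openExternal`, with a prompt-only variant beside it that reproduces the behaviour the report describes. The interface, the `fakeUi` test double and the "Open"/"Cancel" labels are assumptions made so the code runs outside VS Code.

```typescript
// Minimal stand-in for the two VS Code API calls a consent gate needs (assumed interface).
interface LinkUi {
  // Like vscode.window.showWarningMessage with { modal: true }: resolves to the chosen
  // item, or undefined when the user dismisses the dialog without choosing.
  confirm(message: string, ...items: string[]): Promise<string | undefined>;
  // Like vscode.env.openExternal: performs the navigation.
  openExternal(url: string): Promise<boolean>;
}

const OPEN = "Open";
const CANCEL = "Cancel";

// Only plain web links are candidates for opening; file:, vscode:, javascript: etc. are refused.
function isOpenableUrl(raw: string): boolean {
  let parsed: URL;
  try { parsed = new URL(raw); } catch { return false; }
  return parsed.protocol === "http:" || parsed.protocol === "https:";
}

// Consent exists only when the user explicitly picked "Open"; dismissal (undefined)
// and every other answer count as refusal.
function consentGranted(choice: string | undefined): boolean {
  return choice === OPEN;
}

// Hard gate: the prompt's answer decides whether openExternal is ever called.
async function openExternalWithConsent(url: string, ui: LinkUi): Promise<boolean> {
  if (!isOpenableUrl(url)) return false;
  const choice = await ui.confirm(`Open external link?\n\n${url}`, OPEN, CANCEL);
  if (!consentGranted(choice)) return false;
  return ui.openExternal(url);
}

// The failure mode in the report: a prompt is shown, but its result is never consulted,
// so the link opens regardless of what the user does. Constructed for contrast only.
async function openExternalPromptOnly(url: string, ui: LinkUi): Promise<boolean> {
  void ui.confirm(`Open external link?\n\n${url}`, OPEN, CANCEL);
  return ui.openExternal(url);
}

// Test double (assumed) that answers the dialog with a fixed choice and records what was opened.
function fakeUi(answer: string | undefined): LinkUi & { opened: string[] } {
  const opened: string[] = [];
  return {
    opened,
    confirm: async () => answer,
    openExternal: async (url) => { opened.push(url); return true; },
  };
}
```

Run against `fakeUi(undefined)` (user dismissed the dialog), the gated version opens nothing while the prompt-only version still opens the link.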