The goal of this project is to develop a browser extension that validates all external link calls on a webpage against a configurable whitelist. The extension must ensure that only links pointing to predefined, trusted domains can be opened. Any external target outside the whitelist should be blocked. A critical requirement is that the extension must not only check standard links (e.g., <a> tags, JavaScript redirects, meta-refresh) but also content inside iFrames. The extension must identify all iFrames on a page, inspect their contents, and validate all their link targets against the whitelist as well. This includes dynamically loaded content (e.g., added through JavaScript, AJAX, or SPA frameworks), which should be continuously monitored so newly created links are also checked. The whitelist must be centrally configurable within the extension. At a minimum, the following options are required: • Management of an allowlist of approved domains (including support for patterns such as *.example.com) • Differentiation between internal and external links based on the current domain • Optional configurable actions when a violation occurs (block, show warning dialog, log event) Technically, the extension should be implemented for major browsers (initially Chrome/Chromium-based browsers, optionally Firefox later). It should watch for DOM changes on the active page, inspect link attributes (href, target, onclick, etc.), and prevent navigation if the target is not on the whitelist. For iFrames, the extension must—within the limits of the same-origin policy—access their content to check all embedded links. Where direct access is not possible due to browser security restrictions, this must be clearly documented, and alternative safeguards should be introduced (e.g., blocking non-whitelisted iFrame sources entirely). Non-functional requirements: • Stable operation without noticeably slowing down page rendering • Clear and user-friendly notifications when a link is blocked • Simple configuration dialog for managing the whitelist • Optional logging of blocked navigation attempts for audit or analysis The final deliverable is a fully functional browser extension that has been tested in defined environments and reliably prevents users from opening non-whitelisted external links—including links inside iFrames.