Currently we have a default link handler for OSC links that pops up a confirm, since we don't expect real applications to use this we could be more aggressive about the potential danger of using it. We could also elaborate on the linkHandler API docs