I’ll improvise a bit since it’s after midnight and I’m tired after the whole day. It’s mostly inspired by this topic.
In your TelegramVM create a file named mybrowser.desktop inside ~/.local/share/applications/ containing:
[Desktop Entry]
Encoding=UTF-8
Name=MyBrowser
Exec=qvm-open-in-vm --view-only Telegram-URL-Handler-VM %u
Terminal=false
X-MultipleArgs=false
Type=Application
Categories=Network;WebBrowser;
MimeType=x-scheme-handler/unknown;x-scheme-handler/about;text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
Then in your TelegramVM run the following commands:
$ xdg-mime default mybrowser.desktop x-scheme-handler/https
$ xdg-mime default mybrowser.desktop x-scheme-handler/http
In dom0 create a new named disposable and give it the name Telegram-URL-Handler-VM. Then still in dom0 open the Policy Editor GUI, open the 30-user policy and write there:
qubes.OpenURL * TelegramVM Telegram-URL-Handler-VM allow target=Telegram-URL-Handler-VM
qubes.OpenInVM * TelegramVM Telegram-URL-Handler-VM allow target=Telegram-URL-Handler-VM
qubes.OpenURL * Telegram-URL-Handler-VM @anyvm deny
qubes.OpenInVM * Telegram-URL-Handler-VM @anyvm deny
Then save this policy. Assuming I didn’t forget anything, from now on by clicking on a link in your TelegramVM qube it should open in a browser in the qube Telegram-URL-Handler-VM.
And if I did forget, provide some feedback - I’ll correct myself after getting some sleep.