Copy/Paste

[adrian_broher]

That looks a bit unsafe / exploitable...

How? The URLs passed are well known and static. It's not like we're passing content from a potential malicious server or other clients through the system call.

[Geoff the Medio]

The URLs passed are well known and static. It's not like we're passing content from a potential malicious server or other clients through the system call.

Exactly that could happen, if a player connects to a server with modified content files. Also, players can currently put markup into, for example, ship names, and these will be processed and turned into clickable links in sitrep messages. Markup is also processed by the messages window, but it doesn't turn them into links, although in future it probably could / should also be capable of showing clickable links.

Even if those particular "holes" are fixed, somehow without limiting functionality, others might be missed... and so I think it'd be safer to call something URL-specific (which I suppose can also be exploited if sending someone to a suitable website, but at least it's a bit safer than opening arbitrary files on the local system...)

[adrian_broher]

You're moving goalposts here.

Would be nice to have links to freeorion.org or copyright text websites work from in-game.

Exactly that could happen, if a player connects to a server with modified content files.

Neither the COPYING file nor the freeorion url are fetched from the server.

Also, players can currently put markup into, for example, ship names, and these will be processed and turned into clickable links in sitrep messages.

How is this internal mechanism even related to the links you want to handle?

[Geoff the Medio]

I'm assuming links to websites in arbitrary text will be implemented with markup just like intra-pedia or sitrep-to-pedia type links.

Sitreps can contain player-written text (names), and after modifications Dilvish is working on now, arbitrary sitrep text could be sent without fetching from the client-side stringtable.

[em3]

You can hardcode a whitelist of command patterns allowed (i.e. only URLs that point to freeorion.org - based sites). Or add it to client configuration.

[Dilvish]

You can hardcode a whitelist of command patterns allowed (i.e. only URLs that point to freeorion.org - based sites). Or add it to client configuration.

Seems like something along those lines should be safe enough.

[Geoff the Medio]

I made a pull request attempting to implement the OpenURL function as suggested earlier. Testing would be helpful...

https://github.com/freeorion/freeorion/pull/318