Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Report this Comment
Use this form to report the selected comment to the moderators. Reporting should generally be used only if the comment breaks forum rules.

59. Re: Firm Says Steam URLs Exploitable Oct 18, 2012, 10:44 Dev
 
ZOMG NOES! Links are unsafe!?!


Also, last time I checked, valve had disabled then "run any URL from steam" functionality. It has to be an actual steam url, and you can't just give the whole url, but have to go through its system. So for instance, you can give it an appid and it will open any store page, but it won't open steam://www.whackyVirusHere.com
I was trying to find a way to make a steam url for a greenlight vote page, and I couldn't since steam hasn't integrated that into the URL stuff yet.
hb3d wrote on Oct 17, 2012, 19:53:
Valve needs to autoupdate Steam to get rid of the URL handler as an immediate step to blunt this attack, but the Steam website is full of the URL's so it's going to break all that functionality.
This is highly likely to be their move IF they do anything. Regardless of what it breaks. They have a history of just disabling entire features/functionality rather than fixing bugs/exploits within them.

This comment was edited on Oct 18, 2012, 11:00.
 
 
Subject
  
Optional
Message
 
Login Email   Password Remember Me
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.
 




footer

Blue's News logo