Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Report this Comment
Use this form to report the selected comment to the moderators. Reporting should generally be used only if the comment breaks forum rules.

61. Re: Firm Says Steam URLs Exploitable Oct 18, 2012, 11:01 Dev
 
Also, when I RTFA:

According to tests performed by the ReVuln researchers, Internet Explorer 9, Google Chrome and Opera display warnings and the full or partial steam:// URLs before passing them to the Steam client for execution. Firefox also requests user confirmation, but doesn't display the URL and provides no warning, while Safari automatically executes steam:// URLs without user confirmation, the researchers said.
...
In order to protect themselves users can disable the steam:// URL protocol handler manually or with a specialized application, or can use a browser that doesn't automatically execute steam:// URLs


I think that regardless of if the link comes from a javascript or not, at some point the browser gets to the part where its going to pass the URL on, and if its set to prompt it should prompt at that stage.

If you really want info on the steam:// then check out valve's documentation on it:
https://developer.valvesoftware.com/wiki/Steam_browser_protocol
(note that steam://openurl part only works if specific URLs are given to it, it doesn't just open any random internet url)
 
 
Subject
  
Optional
Message
 
Login Email   Password Remember Me
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.
 




footer

.. .. ..

Blue's News logo