Use links like steam:// in embeds

Bully

• 20 janvier 2019 05:47

Hi,

I want to share my steam workshopcollection via embed on my server.

This url should open with the steam client and not with the webbrowser

But [example](steam://url/CommunityFilePage/<exampleID>) is not working.

It was awesome if you cann ad other urls like: steam://, ts3server:// and so on

 

Best Regards

 

Bully

18

• 

  ||Jojo||

  • 20 janvier 2019 09:50

  This was working for a while, I think it got removed for security reasons

  0
• 

  donovan_dmc

  • 4 février 2019 06:43

  Adding this would add xss vulnerabilities just like you showed, injecting scripts in embeds. That would be awful, and difficult to filter.

  0
• 

  merlin2v

  • 4 février 2019 20:19

  not really, You could just make an actual link to a phishing website. the script would only be able to load in browser. Plus, you could have a malicious url. it would still show the warning. the only difference is that the bot would be liable for all data uri's it puts out and the bot creator could get in more trouble. In the end, it wont make much of a difference to have data:text/html;base64,[[i am a virus]] vs. http://www.example.com/virus.html. if anything, it is more transparent to have a data uri than it is to have a http link.

  3

Vous devez vous connecter pour laisser un commentaire.