From 28e39d27349822e2842b1013189c0d83321ab25c Mon Sep 17 00:00:00 2001 From: Salvador Cipolla Date: Fri, 10 Apr 2026 19:46:45 -0300 Subject: [PATCH] Verify browser URL before opening (C1 Fix) --- Knossos.NET/Classes/KnUtils.cs | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/Knossos.NET/Classes/KnUtils.cs b/Knossos.NET/Classes/KnUtils.cs index 6c25c9c0..c5d9df00 100644 --- a/Knossos.NET/Classes/KnUtils.cs +++ b/Knossos.NET/Classes/KnUtils.cs @@ -349,24 +349,31 @@ public static string GetOSNameString() /// public static void OpenBrowserURL(string url) { + // Check URL + if (string.IsNullOrWhiteSpace(url) || !Uri.TryCreate(url, UriKind.Absolute, out var uri) || (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps)) + { + Log.Add(Log.LogSeverity.Warning, "KnUtils.OpenBrowserURL", $"Not opening web browser link due to invalid or unsafe URL: {url}"); + return; + } + try { using (var process = new Process()) { if (IsWindows) { - process.StartInfo.FileName = "cmd"; - process.StartInfo.Arguments = $"/c start {url}"; + process.StartInfo.FileName = uri.ToString(); + process.StartInfo.UseShellExecute = true; } else if (IsLinux) { process.StartInfo.FileName = "xdg-open"; - process.StartInfo.Arguments = url; + process.StartInfo.Arguments = uri.ToString(); } else if (IsMacOS) { process.StartInfo.FileName = "open"; - process.StartInfo.Arguments = url; + process.StartInfo.Arguments = uri.ToString(); } process.StartInfo.CreateNoWindow = true; process.Start();