Launch default browser - and security

A

Alun Harford

I have a chat-type program that automatically highlights URLs. When
somebody clicks on one of those URLs, I use:

System.Diagnostics.Process.Start(url);

to start the default browser at that URL. This works, but has a security
issue I'd like to avoid.


Lets say somebody sends the URL:
file://c:\fire_nuclear_missiles.exe

Now, when somebody in the military uses my program, there's an issue
because that program gets run, instead of the default browser (assuming
that program exists and really does launch nuclear missiles).

If the .NET framework had instead opened the default browser at that
location, it would have instead asked the user if they wanted to
download/run that file. That's the behavior I want.

Does anybody know how to do this?

I tried:

System.Windows.Forms.Help.ShowHelp(null, url);

But that has the same problem.

Alun Harford
 
N

Nicholas Paldino [.NET/C# MVP]

Alun,

I don't know how to make it ask the user if they want to show/run the
program, but I would just deny any URL that is not network based. If you
pass the URL to the Uri class, you can look at the Scheme property and find
out what the scheme is. You can compare it against the static UriScheme*
(where * is the scheme, e.g. http, https, etc, etc) properties to see if the
scheme is one that you want to allow or not.

Hope this helps.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Launch Default Browser with Users Home Page 2
Weird problem with Office 2010 help browser 5
Launch web site with default browser.... 1
default browser strangeness 2
Browser launch and booting problems 1
Make FireFox default browser - How? 1
Avast 7 Will Install Google Chrome, If You Do Not Pay Attention 0
Any plans for a browser plugin to run .NET applets 8

Top